From cf493254b72e89ac01cd1a02615d8e31c07d039a Mon Sep 17 00:00:00 2001
From: Paul Dreik
Date: Mon, 4 Nov 2019 22:54:03 +0100
Subject: [PATCH] fix integer overflow in subnormal_power10 (#355)

detected by oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18714
---
 src/numberparsing.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/numberparsing.h b/src/numberparsing.h
index 156e4c0b..a41c0174 100644
--- a/src/numberparsing.h
+++ b/src/numberparsing.h
@@ -185,7 +185,13 @@ static inline uint32_t parse_eight_digits_unrolled(const char *chars) {
 //
 // This function computes base * 10 ^ (- negative_exponent ).
 // It is only even going to be used when negative_exponent is tiny.
-static double subnormal_power10(double base, int negative_exponent) {
+static double subnormal_power10(double base, int64_t negative_exponent) {
+  // avoid integer overflows in the pow expression, those values would
+  // become zero anyway.
+  if(negative_exponent < -1000) {
+    return 0;
+  }
+  // this is probably not going to be fast
   return base * 1e-308 * pow(10, negative_exponent + 308);
 }
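Review bot: The added early return in `subnormal_power10` produces +0.0 regardless of the sign of `base`, while the `pow()` expression it short-circuits would underflow to -0.0 for a negative `base`; if the caller applies the sign afterwards this is harmless, but the comment should say so, e.g. `// sign of base is dropped here; callers are expected to apply the sign separately`. The guard also only bounds the negative side, so `negative_exponent + 308` is still evaluated for every larger value and would be signed overflow (undefined behaviour) near INT64_MAX if a caller ever passed one; since the header comment says the function is only used when `negative_exponent` is tiny, recording that as a precondition, `// precondition: caller passes only small magnitudes, so the + 308 below cannot overflow`, would document the assumption the fix relies on. A minor point of style: the function returns `double`, so `return 0.0;` reads more honestly than `return 0;`, and `if (` with a space would match the spacing used in the `static inline` declaration visible in the hunk header, assuming that is the file's convention.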