From 992ecf7c189e5cabf43e5ad862511cf63d030966 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Wed, 14 Dec 2016 05:45:57 -0800
Subject: Verify precision length before converting to string.

This CL updates the CalculateString method to make sure the number of digits of precision is valid before doing the stringstream conversion.

BUG=chromium:673336
Review-Url: https://codereview.chromium.org/2572543004
---
 fpdfsdk/javascript/PublicMethods.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fpdfsdk/javascript/PublicMethods.cpp b/fpdfsdk/javascript/PublicMethods.cpp
index bfe48d5b65..c0ea84c0ae 100644
--- a/fpdfsdk/javascript/PublicMethods.cpp
+++ b/fpdfsdk/javascript/PublicMethods.cpp
@@ -8,6 +8,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -95,6 +96,11 @@ CFX_ByteString CalculateString(double dValue,
 *bNegative = dValue < 0;
 if (*bNegative)
 dValue = -dValue;
+
+ // Make sure the number of precision characters will fit.
+ if (iDec > std::numeric_limits::digits10)
+ iDec = std::numeric_limits::digits10;
+
 std::stringstream ss;
 ss << std::fixed << std::setprecision(iDec) << dValue;
 std::string stringValue = ss.str();
-- 
cgit v1.2.3
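Review bot: The clamp added in CalculateString bounds `iDec` only from above, so a negative value (possible if `iDec` is a signed int, as the comparison with `digits10` suggests) still reaches `std::setprecision(iDec)` unchanged; adding `if (iDec < 0) iDec = 0;` ahead of the upper check would bound both ends. Since the file sits under fpdfsdk/javascript, the value presumably originates in document script and should be treated as untrusted. The comment would also be clearer if it said what the limit protects, for example `// Cap the requested precision at digits10; with std::fixed this limits only the fractional digits.`, because the integer part of a large `dValue` still adds to the string length. The function's signature and the rest of its body lie outside this hunk, so whether later code depends on the length of `stringValue` cannot be checked from here.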