Stack smash with String(float, precision) · Issue #5873 · espressif/arduino-esp32 · GitHub
Stack smash with String(float, precision) #5873
Closed
@MitchBradley

Passing a large floating point value, or a large precision, to String::String(float value, unsigned char decimalPlaces) causes a stack smash.

Any one of these lines, individually, in any context, will do it:

    String s = String(1e31f, 0);
    String s = String(-1.0f, 30);
    String s = String(0.0f, 31);

The problem is in WString.cpp, which uses a buffer of length 33 (char buf[33]). Since FLT_MAX is 3.4e38, 33 bytes is not enough. Furthermore, there is no limit on the precision value that can be passed through to dtostrf(), so you can crash it either with large floating point values or large precision numbers.

To fix it without going into dtostrf(), you would have to both increase the buffer size to around 80 - accounting for possible minus sign, decimal point, 39 predecimal digits, 38 postdecimal digits, and null terminator, and also limit the number of decimal places to 38.

The problem is even worse with the version of String whose argument is double; there the buffer size would need to be about 620.
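
The sizing and clamping described in the issue, as an added example that is not part of the original report or of the arduino-esp32 code base. The helper `float_to_str`, the macros, and the use of `snprintf` in place of `dtostrf()` are assumptions made for illustration.

```c
#include <float.h>
#include <stdio.h>

/* Constructed bound, following the issue's arithmetic: sign + 39 integer
 * digits (FLT_MAX_10_EXP + 1) + '.' + 38 decimals + NUL = 80 bytes. */
#define MAX_DECIMALS  38u
#define FLOAT_STR_MAX (1 + (FLT_MAX_10_EXP + 1) + 1 + MAX_DECIMALS + 1)

/* Hypothetical helper (not an Arduino API). Formats value with at most
 * MAX_DECIMALS decimals. Returns the string length, or -1 when out cannot
 * hold the result; it never writes past out[outlen - 1]. */
int float_to_str(float value, unsigned decimals, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    if (decimals > MAX_DECIMALS)
        decimals = MAX_DECIMALS;            /* clamp caller-supplied precision */

    /* snprintf stands in for dtostrf(): it takes the buffer size and
     * reports the length it needed instead of overrunning. */
    int n = snprintf(out, outlen, "%.*f", (int)decimals, (double)value);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';                      /* leave a valid empty string */
        return -1;
    }
    return n;
}

int main(void)
{
    /* The three calls from the issue, as (value, decimals) pairs. */
    const struct { float v; unsigned d; } cases[] = {
        { 1e31f, 0 }, { -1.0f, 30 }, { 0.0f, 31 },
    };
    char small[33];                         /* size used in WString.cpp */
    char big[FLOAT_STR_MAX];

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int s = float_to_str(cases[i].v, cases[i].d, small, sizeof small);
        int b = float_to_str(cases[i].v, cases[i].d, big, sizeof big);
        printf("33-byte buffer: %d, %d-byte buffer: %d \"%s\"\n",
               s, (int)sizeof big, b, big);
    }
    return 0;
}
```

A return of -1 for the 33-byte buffer marks the inputs whose formatted text does not fit, which an unchecked write would have overrun.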
