[quake3-bugzilla] [Bug 5487] New: More intelligent exponentiation in strtod/strtol
bugzilla-daemon at icculus.org
Fri Apr 6 18:47:28 EDT 2012
https://bugzilla.icculus.org/show_bug.cgi?id=5487
Summary: More intelligent exponentiation in strtod/strtol
Product: ioquake3
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P3
Component: Misc
AssignedTo: zakk at icculus.org
ReportedBy: bugzilla at benmachine.co.uk
QAContact: quake3-bugzilla at icculus.org
Originally I was concerned that the linear-time exponentiation in strtod/strtol
was a security flaw: parsing a number with a really big exponent would take
really long, acting as a DoS attack.

However, the current implementation checks for overflow and underflow and hence
I can't see a way to get the loop to run more than a few hundred times, so
there doesn't seem to be any security risk after all. Nevertheless, by the time
I worked this out I'd already written a more intelligent exponentiation
function, so here it is.

Thanks to kevlarman for making me find the iterative instead of the recursive
version.
--
Configure bugmail: https://bugzilla.icculus.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
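
The two approaches the report contrasts, as an added example (this is not the patch attached to the bug and not ioquake3's code): a linear multiply-by-10 loop that stops on overflow or underflow, next to an iterative square-and-multiply. The function names and the step counter are hypothetical, introduced only to show how many iterations a huge exponent costs in each case.

```c
#include <float.h>
#include <stdio.h>

/* Model of a linear loop: one multiply (or divide) per unit of exponent,
 * with a bail-out once the value has overflowed to inf or underflowed to 0. */
static double pow10_linear(int exp, unsigned *steps)
{
    double r = 1.0;
    unsigned n = exp < 0 ? 0u - (unsigned)exp : (unsigned)exp;
    for (*steps = 0; n != 0; n--) {
        r = exp < 0 ? r / 10.0 : r * 10.0;
        ++*steps;
        if (r > DBL_MAX || r == 0.0)   /* saturated: more work cannot change r */
            break;
    }
    return r;
}

/* Iterative square-and-multiply: one iteration per bit of |exp|.
 * Simplification: negative exponents are computed as 1/10^|exp|, so results
 * below about 1e-308 come back as 0 instead of a subnormal. */
static double pow10_squaring(int exp, unsigned *steps)
{
    double r = 1.0, base = 10.0;
    unsigned n = exp < 0 ? 0u - (unsigned)exp : (unsigned)exp;
    for (*steps = 0; n != 0; n >>= 1) {
        if (n & 1u)
            r *= base;
        base *= base;                  /* saturates to inf for huge exponents */
        ++*steps;
    }
    return exp < 0 ? 1.0 / r : r;
}

int main(void)
{
    int exps[] = { 10, 300, 1000000, -1000000 };   /* constructed sample inputs */
    for (size_t i = 0; i < sizeof exps / sizeof exps[0]; i++) {
        unsigned a, b;
        double x = pow10_linear(exps[i], &a);
        double y = pow10_squaring(exps[i], &b);
        printf("exp=%8d  linear: %g (%u steps)  squaring: %g (%u steps)\n",
               exps[i], x, a, y, b);
    }
    return 0;
}
```

Without the saturation check, the linear loop would run once per unit of the attacker-supplied exponent; with it, the loop stops after a few hundred iterations at IEEE double range, which matches the reporter's conclusion.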