[Ada] Avoid buffer overflow in Long_Long_Float_Text_IO

2020-06-04  Steve Baird  <baird@adacore.com>

gcc/ada/

	* libgnat/s-imgrea.ads: Declare a named number
	Max_Real_Image_Length with value 5200.  Provide a comment
	explaining why this value was chosen.
	* libgnat/s-imgrea.adb (Set_Image_Real): Increase the upper
	bound of the local String variable Digs to
	Max_Real_Image_Length.
	* libgnat/a-tiflau.adb (Put): Increase the upper bound of the
	local String variable Buf to Max_Real_Image_Length.
	(Puts): Increase the upper bound of the local String variable
	Buf to Max_Real_Image_Length.

1 files changed, 3 insertions, 8 deletions

diff --git a/gcc/ada/libgnat/s-imgrea.adb b/gcc/ada/libgnat/s-imgrea.adb
index 642724b..68b1fdc 100644
--- a/gcc/ada/libgnat/s-imgrea.adb
+++ b/gcc/ada/libgnat/s-imgrea.adb
@@ -151,14 +151,9 @@ package body System.Img_Real is
       Scale : Integer;
       Expon : Integer;
 
-      Field_Max : constant := 255;
-      --  This should be the same value as Ada.[Wide_]Text_IO.Field'Last.
-      --  It is not worth dragging in Ada.Text_IO to pick up this value,
-      --  since it really should never be necessary to change it.
-
-      Digs : String (1 .. 2 * Field_Max + 16);
-      --  Array used to hold digits of converted integer value. This is a
-      --  large enough buffer to accommodate ludicrous values of Fore and Aft.
+      Digs : String (1 .. Max_Real_Image_Length);
+      --  Array used to hold digits of converted integer value. This is a large
+      --  enough buffer to accommodate ludicrous Fore/Aft/Exp combinations.
 
       Ndigs : Natural;
       --  Number of digits stored in Digs (and also subscript of last digit)