From e53d62235968ebbde3ba7bcef64cd9458cbfb8da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C3=BAl=20Ibarra=20Corretg=C3=A9?=
Date: Fri, 22 Dec 2023 22:50:02 +0100
Subject: [PATCH] Fix UB in js_dtoa1
---
 quickjs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/quickjs.c b/quickjs.c
index c39e83c..63af9f0 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -11492,8 +11492,10 @@ static void js_dtoa1(char *buf, double d, int radix, int n_digits, int flags)
 } else if (flags == JS_DTOA_VAR_FORMAT) {
 int64_t i64;
 char buf1[70], *ptr;
+ if (d > (double)MAX_SAFE_INTEGER || d < (double)-MAX_SAFE_INTEGER)
+ goto generic_conv;
 i64 = (int64_t)d;
- if (d != i64 || i64 > MAX_SAFE_INTEGER || i64 < -MAX_SAFE_INTEGER)
+ if (d != i64)
 goto generic_conv;
 /* fast path for integers */
 ptr = i64toa(buf1 + sizeof(buf1), i64, radix);
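Review bot: The new range check is written as two positive comparisons, so a NaN in `d` fails both and still reaches `i64 = (int64_t)d;`, which is the same undefined conversion this commit removes for large values. The hunk opens on `} else if`, so an earlier branch outside the hunk may already filter non-finite values; if it does, a comment such as `/* d is finite here; the range check must precede the cast because converting an out-of-range double to int64_t is undefined */` would stop the check from being merged back after the cast. If it does not, the guard can be written in negated form, `if (!(d >= (double)-MAX_SAFE_INTEGER && d <= (double)MAX_SAFE_INTEGER))`, which also rejects NaN. js_dtoa1's body starts and ends outside the hunk.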