From 7231d01fcb2cd9ef9ffbfea03b724892c8a4026e Mon Sep 17 00:00:00 2001
From: "David G. Andersen"
Date: Thu, 20 Oct 2016 18:25:04 -0800
Subject: Fix out-of-bounds read discovered by libFuzzer. locale_independent_strtonum returned str-1 incorrectly if there was overflow, because s.fail() was set, which causes s.tellg() to return -1. Change: 136790139
---
 tensorflow/core/lib/strings/numbers.cc | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'tensorflow/core/lib/strings/numbers.cc')
diff --git a/tensorflow/core/lib/strings/numbers.cc b/tensorflow/core/lib/strings/numbers.cc
index 797233e746..4df0f54378 100644
--- a/tensorflow/core/lib/strings/numbers.cc
+++ b/tensorflow/core/lib/strings/numbers.cc
@@ -86,9 +86,11 @@ T locale_independent_strtonum(const char* str, const char** endptr) {
 if (result == std::numeric_limits::max()) {
 result = std::numeric_limits::infinity();
 real_fail = false;
+ s.clear(s.rdstate() & ~std::ios::failbit);
 } else if (result == -std::numeric_limits::max()) {
 result = -std::numeric_limits::infinity();
 real_fail = false;
+ s.clear(s.rdstate() & ~std::ios::failbit);
 }
 }
-- 
cgit v1.2.3
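Review bot: The two added `s.clear(s.rdstate() & ~std::ios::failbit);` lines repair the overflow branches, but the safety of the `endptr` arithmetic still depends on the stream state rather than on a check of the offset itself. The code that calls `s.tellg()` lies outside this hunk, so this is inferred from the commit message: if that result is added to `str` unchecked, any other state in which `tellg()` yields -1 (for instance `badbit`, which this mask leaves set) would again produce `str - 1`. Consider validating the position at that point, treating a negative `tellg()` as a failed parse and setting `*endptr = str`. A short comment on each clear, such as `// Clear failbit so the later s.tellg() returns the real offset, not -1`, would record why the call is needed, and a regression test that feeds an overflowing literal and asserts `endptr >= str` would keep the fuzzer finding from resurfacing.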