On Wed, Jul 21, 2010 at 6:19 PM, Andrew W. Nosenko wrote: > On Wed, Jul 21, 2010 at 14:23, Csaba Raduly wrote: >> On Tue, Jul 20, 2010 at 3:40 AM, Dan Sommers wrote: ... >>> I tracked it down to xmlschematypes.c, starting around line 2465, where >>> it starts scanning the input for something suitable for sscanf("%lf"). >>> Should that code contain an extra check that there is at least one digit >>> somewhere? >> >> I think you are right. This code: >> while ((*cur >= '0') && (*cur <= '9')) { >> cur++; >> } >> accepts 0 or more digits (before the period); perhaps it should check >> for 1 or more digits instead: > > No! The case like ".5" instead of "0.5" is perfectly valid and widely used! > Whether the "." or "e" are valid string representation of the "double" > type or should be rejected -- it's another matter. But zero digits > before dot are absolutely correct and should be allowed.
Just because it's widely used it doesn't mean that it is "absolutely correct" :) (Also, the rules for what's a valid float in C may not be the same for XSD) Anyway, here's a revised version: --- xmlschemastypes2.c 2010-07-21 13:17:12.229467800 +0200 +++ xmlschemastypes.c 2010-07-22 14:00:05.965759600 +0200 @@ -2392,6 +2392,8 @@ case XML_SCHEMAS_DOUBLE:{ const xmlChar *cur = value; int neg = 0; + int digits_before = 0; + int digits_after = 0; if (normOnTheFly) while IS_WSP_BLANK_CH(*cur) cur++; @@ -2463,13 +2465,16 @@ if ((cur[0] == 0) || (cur[0] == '+') || (cur[0] == '-')) goto return1; while ((*cur >= '0') && (*cur <= '9')) { - cur++; + digits_before++; cur++; } if (*cur == '.') { cur++; - while ((*cur >= '0') && (*cur <= '9')) - cur++; + while ((*cur >= '0') && (*cur <= '9')) { + digits_after++; cur++; + } } + if (digits_before + digits_after == 0) + goto return1; if ((*cur == 'e') || (*cur == 'E')) { cur++; if ((*cur == '-') || (*cur == '+')) -- Life is complex, with real and imaginary parts. "Ok, it boots. Which means it must be bug-free and perfect. " -- Linus Torvalds "People disagree with me. I just ignore them." -- Linus Torvalds _______________________________________________ xml mailing list, project page http://xmlsoft.org/ xml@gnome.org http://mail.gnome.org/mailman/listinfo/xml