On Thu, Jul 22, 2010 at 02:38:16PM +0200, Csaba Raduly wrote:
> On Wed, Jul 21, 2010 at 6:19 PM, Andrew W. Nosenko wrote:
> > On Wed, Jul 21, 2010 at 14:23, Csaba Raduly wrote:
> >> On Tue, Jul 20, 2010 at 3:40 AM, Dan Sommers wrote:
> ...
> >>> I tracked it down to xmlschemastypes.c, starting around line 2465, where
> >>> it starts scanning the input for something suitable for sscanf("%lf").
> >>> Should that code contain an extra check that there is at least one digit
> >>> somewhere?
> >>
> >> I think you are right. This code:
> >>     while ((*cur >= '0') && (*cur <= '9')) {
> >>         cur++;
> >>     }
> >> accepts 0 or more digits (before the period); perhaps it should check
> >> for 1 or more digits instead:
> >
> > No! The case like ".5" instead of "0.5" is perfectly valid and widely used!
> > Whether the "." or "e" are valid string representation of the "double"
> > type or should be rejected -- it's another matter. But zero digits
> > before dot are absolutely correct and should be allowed.
>
> Just because it's widely used it doesn't mean that it is "absolutely correct"
> :)
> (Also, the rules for what's a valid float in C may not be the same for XSD)
>
> Anyway, here's a revised version:
> --- xmlschemastypes2.c 2010-07-21 13:17:12.229467800 +0200
> +++ xmlschemastypes.c 2010-07-22 14:00:05.965759600 +0200
> @@ -2392,6 +2392,8 @@
> case XML_SCHEMAS_DOUBLE:{
> const xmlChar *cur = value;
> int neg = 0;
> + int digits_before = 0;
> + int digits_after = 0;
>
> if (normOnTheFly)
> while IS_WSP_BLANK_CH(*cur) cur++;
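Review bot: digits_before and digits_after are declared as two separate counters at the top of the XML_SCHEMAS_DOUBLE case, but the only use visible in this patch tests their sum against zero. A single counter or flag for "saw a mantissa digit" would carry the same information with less state; if both are kept, a short comment on what each one counts would help the next reader.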
> @@ -2463,13 +2465,16 @@
> if ((cur[0] == 0) || (cur[0] == '+') || (cur[0] == '-'))
> goto return1;
> while ((*cur >= '0') && (*cur <= '9')) {
> - cur++;
> + digits_before++; cur++;
> }
> if (*cur == '.') {
> cur++;
> - while ((*cur >= '0') && (*cur <= '9'))
> - cur++;
> + while ((*cur >= '0') && (*cur <= '9')) {
> + digits_after++; cur++;
> + }
> }
> + if (digits_before + digits_after == 0)
> + goto return1;
> if ((*cur == 'e') || (*cur == 'E')) {
> cur++;
> if ((*cur == '-') || (*cur == '+'))
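Review bot: the new "if (digits_before + digits_after == 0) goto return1;" check has no comment saying what it rejects. A line stating that the mantissa needs at least one digit on either side of the '.', so that ".5" stays valid while "." alone does not, would record the outcome of this discussion in the code. The line "digits_before++; cur++;" also puts two statements on one line; one statement per line would read better, as in the second loop's body if that is split the same way.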
Okay, that patch looks fine, except for mail mangling and code format,
so I applied it manually, looks fine, passes regtests, so pushed to git,
thanks!
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
[email protected] | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
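
The digit check discussed in this thread, as an added stand-alone C example (not part of any message here and not libxml2's own code). The names lexical_ok, bad_accepted and samples, the sign handling and the exponent handling are assumptions made for the illustration; it counts inputs that pass the scan yet cannot be converted by sscanf("%lf"), without and with the check.

```c
#include <stdio.h>

/* Added illustration, not libxml2 source. require_digit = 0 models the scan
 * without the patch, require_digit = 1 the scan with its new check. */
static int lexical_ok(const char *cur, int require_digit)
{
    int digits_before = 0, digits_after = 0;
    if (*cur == '+' || *cur == '-')          /* assumed: one optional sign */
        cur++;
    if (*cur == '\0' || *cur == '+' || *cur == '-')
        return 0;
    for (; *cur >= '0' && *cur <= '9'; cur++)
        digits_before++;
    if (*cur == '.') {
        cur++;
        for (; *cur >= '0' && *cur <= '9'; cur++)
            digits_after++;
    }
    if (require_digit && digits_before + digits_after == 0)
        return 0;                            /* the check the patch adds */
    if (*cur == 'e' || *cur == 'E') {        /* assumed exponent handling */
        cur++;
        if (*cur == '-' || *cur == '+')
            cur++;
        while (*cur >= '0' && *cur <= '9')
            cur++;
    }
    return *cur == '\0';                     /* no trailing characters */
}

/* Constructed sample inputs. */
static const char *samples[] = { ".", "e", "E5", "-.", ".e3", ".5", "5.",
                                 "0.5", "1e5", "-3.2E-4", "abc", "" };

/* Count samples the scan accepts but sscanf("%lf") fails to convert. */
static int bad_accepted(int require_digit)
{
    int n = 0;
    double d;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (lexical_ok(samples[i], require_digit) &&
            sscanf(samples[i], "%lf", &d) != 1)
            n++;
    return n;
}

int main(void)
{
    printf("without: %d, with: %d\n", bad_accepted(0), bad_accepted(1));
    return 0;
}
```

Checking the sscanf return value, as bad_accepted does, catches the same inputs even where the lexical scan lets them through.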