XMLString.cpp

borisk Sun, 29 Jun 2008 03:06:57 -0700

Author: borisk
Date: Sun Jun 29 03:06:03 2008
New Revision: 672615

URL: http://svn.apache.org/viewvc?rev=672615&view=rev
Log:
Fix possible overflow when changing sing in a signed integer.


Modified:
    xerces/c/trunk/src/xercesc/util/XMLString.cpp

Modified: xerces/c/trunk/src/xercesc/util/XMLString.cpp
URL: 
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/util/XMLString.cpp?rev=672615&r1=672614&r2=672615&view=diff
==============================================================================
--- xerces/c/trunk/src/xercesc/util/XMLString.cpp (original)
+++ xerces/c/trunk/src/xercesc/util/XMLString.cpp Sun Jun 29 03:06:03 2008
@@ -294,7 +294,14 @@
     {
         toFill[0] = '-';
         startInd++;
-        actualVal = (XMLUInt64)(toFormat * -1);
+        // Signed integers can represent one extra negative value
+        // compared to the positive values. If we simply do (v * -1)
+        // we will overflow on that extra value.
+        //
+        XMLInt64 v = toFormat;
+        v++;
+        actualVal = (XMLUInt64)(v * -1);
+        actualVal++;
     }
     else
         actualVal = (XMLUInt64)(toFormat);
@@ -324,7 +331,14 @@
     {
         toFill[0] = '-';
         startInd++;
-        actualVal = (unsigned long)(toFormat * -1);
+        // Signed integers can represent one extra negative value
+        // compared to the positive values. If we simply do (v * -1)
+        // we will overflow on that extra value.
+        //
+        long v = toFormat;
+        v++;
+        actualVal = (unsigned long)(v * -1);
+        actualVal++;
     }
      else
     {
@@ -1042,7 +1056,14 @@
     {
         toFill[0] = chDash;
         startInd++;
-        actualVal = (XMLUInt64)(toFormat * -1);
+        // Signed integers can represent one extra negative value
+        // compared to the positive values. If we simply do (v * -1)
+        // we will overflow on that extra value.
+        //
+        XMLInt64 v = toFormat;
+        v++;
+        actualVal = (XMLUInt64)(v * -1);
+        actualVal++;
     }
      else
     {
@@ -1074,7 +1095,14 @@
     {
         toFill[0] = chDash;
         startInd++;
-        actualVal = (unsigned long)(toFormat * -1);
+        // Signed integers can represent one extra negative value
+        // compared to the positive values. If we simply do (v * -1)
+        // we will overflow on that extra value.
+        //
+        long v = toFormat;
+        v++;
+        actualVal = (unsigned long)(v * -1);
+        actualVal++;
     }
      else
     {



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

svn commit: r672615 - /xerces/c/trunk/src/xercesc/util/XMLString.cpp

Reply via email to