[
https://issues.apache.org/jira/browse/XALANC-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Kurenkov updated XALANC-762:
-----------------------------------
Description:
In functions

    void
    DOMStringHelper::NumberToCharacters(
        double theValue,
        FormatterListener& formatterListener,
        MemberFunctionPtr function)

and

    NumberToDOMString(
        double theValue,
        XalanDOMString& theResult)

an array is created on the stack in order to convert theValue:

    char theBuffer[MAX_PRINTF_DIGITS + 1];

If theValue is quite big, for example 1.79769e+308, which is the biggest possible
double value, then theBuffer is overwritten, since it allocates only 100
bytes for storing theValue, whereas when this format string is used, "%.35f", it
requires around 350 bytes to store the converted double.

I think, first, MAX_PRINTF_DIGITS is used by mistake in this context. Instead,
MAX_FLOAT_CHARACTERS should have been used. And MAX_FLOAT_CHARACTERS must be
defined like this:

    // The maximum number of characters for a floating point number.
    const size_t MAX_FLOAT_CHARACTERS = 400;

in order to have enough space to store 308 digits before the point, a point,
up to 35 digits after the point, and the NULL terminator at the end.

was:
In functions

    void
    DOMStringHelper::NumberToCharacters(
        double theValue,
        FormatterListener& formatterListener,
        MemberFunctionPtr function)

and

    NumberToDOMString(
        double theValue,
        XalanDOMString& theResult)

an array is created on the stack in order to convert theValue:

    char theBuffer[MAX_PRINTF_DIGITS + 1];

If theValue is quite big, for example 1.79769e+308, which is the biggest possible
double value, then theBuffer is overwritten, since it allocates only 100
bytes for storing theValue, whereas when this format string is used, "%.35f", it
requires around 350 bytes to store the converted double.

> Stack is corrupted in DOMStringHelper::NumberToCharacters() if value is
> really big
> ----------------------------------------------------------------------------------
>
> Key: XALANC-762
> URL: https://issues.apache.org/jira/browse/XALANC-762
> Project: XalanC
> Issue Type: Bug
> Components: XalanC
> Affects Versions: 1.11
> Reporter: Sergey Kurenkov
> Assignee: Steven J. Hathaway
> Priority: Minor
>
> In functions
>
>     void
>     DOMStringHelper::NumberToCharacters(
>         double theValue,
>         FormatterListener& formatterListener,
>         MemberFunctionPtr function)
>
> and
>
>     NumberToDOMString(
>         double theValue,
>         XalanDOMString& theResult)
>
> an array is created on the stack in order to convert theValue:
>
>     char theBuffer[MAX_PRINTF_DIGITS + 1];
>
> If theValue is quite big, for example 1.79769e+308, which is the biggest
> possible double value, then theBuffer is overwritten, since it allocates
> only 100 bytes for storing theValue, whereas when this format string is used,
> "%.35f", it requires around 350 bytes to store the converted double.
>
> I think, first, MAX_PRINTF_DIGITS is used by mistake in this context. Instead,
> MAX_FLOAT_CHARACTERS should have been used. And MAX_FLOAT_CHARACTERS must be
> defined like this:
>
>     // The maximum number of characters for a floating point number.
>     const size_t MAX_FLOAT_CHARACTERS = 400;
>
> in order to have enough space to store 308 digits before the point, a point,
> up to 35 digits after the point, and the NULL terminator at the end.
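
The sizing problem described in the report can be measured and guarded against as follows. This is an added example, not part of the original report and not XalanC code: fixed_len() and format_fixed() are hypothetical helpers, the two buffer sizes are taken from the report's prose, and the conversion is assumed to be a printf-family call using the "%.35f" format the report quotes.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Sizes taken from the report's prose: about 100 bytes today, 400 proposed. */
#define REPORTED_BUFFER_SIZE 100
#define PROPOSED_BUFFER_SIZE 400

/* Hypothetical helper: number of characters "%.35f" produces for v,
 * not counting the terminating NUL. snprintf with a zero size writes nothing. */
static int fixed_len(double v)
{
    return snprintf(NULL, 0, "%.35f", v);
}

/* Hypothetical helper: bounded conversion. Returns 0 on success, -1 if the
 * text plus its NUL does not fit; out is then left as an empty string
 * instead of being written past its end. */
static int format_fixed(double v, char *out, size_t outsz)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    n = snprintf(out, outsz, "%.35f", v);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[REPORTED_BUFFER_SIZE];
    char large[PROPOSED_BUFFER_SIZE];

    printf("DBL_MAX needs %d chars + NUL\n", fixed_len(DBL_MAX));
    printf("-DBL_MAX needs %d chars + NUL\n", fixed_len(-DBL_MAX));
    printf("fits in %d bytes: %s\n", REPORTED_BUFFER_SIZE,
           format_fixed(DBL_MAX, small, sizeof small) == 0 ? "yes" : "no");
    printf("fits in %d bytes: %s\n", PROPOSED_BUFFER_SIZE,
           format_fixed(DBL_MAX, large, sizeof large) == 0 ? "yes" : "no");
    return 0;
}
```

Checking the length returned by snprintf keeps the conversion safe even if the buffer constant and the format precision drift apart later; the negative extreme needs one more byte than the positive one because of the sign.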