[ https://issues.apache.org/jira/browse/XALANC-762?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergey Kurenkov updated XALANC-762: ----------------------------------- Description: in functions void DOMStringHelper::NumberToCharacters( double theValue, FormatterListener& formatterListener, MemberFunctionPtr function) and NumberToDOMString( double theValue, XalanDOMString& theResult) an array is created on stack in order to convert theValue: char theBuffer[MAX_PRINTF_DIGITS + 1]; If theValue is quite big for example 1.79769e+308 which is the biggest possible double value than theBuffer is overritten since it just allocates only 100 bytes for storing theValue whereas when this format string is used "%.35f" it requires around 350 bytes to store the converted double. I think, first MAX_PRINTF_DIGITS is used by mistake in this context. Instead MAX_FLOAT_CHARACTERS should have been used. And MAX_FLOAT_CHARACTERS must be defined like this: // The maximum number of characters for a floating point number. const size_t MAX_FLOAT_CHARACTERS = 400; in order to have enough space to store 308 digits before the point, a point and up to 35 digits after the point and the NULL terminator at the end was: in functions void DOMStringHelper::NumberToCharacters( double theValue, FormatterListener& formatterListener, MemberFunctionPtr function) and NumberToDOMString( double theValue, XalanDOMString& theResult) an array is created on stack in order to convert theValue: char theBuffer[MAX_PRINTF_DIGITS + 1]; If theValue is quite big for example 1.79769e+308 which is the biggest possible double value than theBuffer is overritten since it just allocates only 100 bytes for storing theValue whereas when this format string is used "%.35f" it requires around 350 bytes to store the converted double. > Stack is corrupted in DOMStringHelper::NumberToCharacters() if value is > really big > ---------------------------------------------------------------------------------- > > Key: XALANC-762 > URL: https://issues.apache.org/jira/browse/XALANC-762 > Project: XalanC > Issue Type: Bug > Components: XalanC > Affects Versions: 1.11 > Reporter: Sergey Kurenkov > Assignee: Steven J. Hathaway > Priority: Minor > > in functions > void > DOMStringHelper::NumberToCharacters( > double theValue, > FormatterListener& formatterListener, > MemberFunctionPtr function) > and > NumberToDOMString( > double theValue, > XalanDOMString& theResult) > an array is created on stack in order to convert theValue: > char theBuffer[MAX_PRINTF_DIGITS + 1]; > If theValue is quite big for example 1.79769e+308 which is the biggest > possible double value than theBuffer is overritten since it just allocates > only 100 bytes for storing theValue whereas when this format string is used > "%.35f" it requires around 350 bytes to store the converted double. > I think, first MAX_PRINTF_DIGITS is used by mistake in this context. Instead > MAX_FLOAT_CHARACTERS should have been used. And MAX_FLOAT_CHARACTERS must be > defined like this: > // The maximum number of characters for a floating point number. > > const size_t MAX_FLOAT_CHARACTERS = 400; > in order to have enough space to store 308 digits before the point, a point > and up to 35 digits after the point and the NULL terminator at the end -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@xalan.apache.org For additional commands, e-mail: dev-h...@xalan.apache.org