DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18611>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18611 Scanner permits some invalid character references. Summary: Scanner permits some invalid character references. Product: Xerces-C++ Version: Nightly build (please specify the date) Platform: All OS/Version: All Status: NEW Severity: Minor Priority: Other Component: Miscellaneous AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Revision 1.40 of xercesc/internal/XMLScanner.cpp in CVS. I haven't tested this, but just looking at the code, there's no check for overflow when computing the value of a character reference. Assuming an unsigned int is 32-bit, it looks like � (2^32) is going to be treated as if it were �. This is a problem for any ref mod 2^32 (ref > 2^32 -1) which falls between 0x10000-0x10FFFF, and less than 0xFFFD. See bool XMLScanner::scanCharRef(XMLCh& toFill, XMLCh& second). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
