Hi everyone,
This is a patch for Bug 18611 (a bug I opened several months back). It's
the same as the one attached to the bug but against the latest CVS. The
parser isn't checking for overflow (and thus accepts anything mod
2^32 which matches Char) when scanning character references. Instead of
failing, when it reads � it's replaced with '5'. Just posting
this to the list so that it doesn't get lost in the growing bug parade.
---------------------------
Michael Glavassevich
XML Parser Development
IBM Toronto Lab
E-mail: [EMAIL PROTECTED]
E-mail: [EMAIL PROTECTED]
Index: xml-xerces/c/src/xercesc/internal/XMLScanner.cpp
===================================================================
RCS file: /home/cvs/xml-xerces/c/src/xercesc/internal/XMLScanner.cpp,v
retrieving revision 1.56
diff -u -r1.56 XMLScanner.cpp
--- xml-xerces/c/src/xercesc/internal/XMLScanner.cpp 17 Dec 2003 00:18:34 -0000
1.56
+++ xml-xerces/c/src/xercesc/internal/XMLScanner.cpp 19 Dec 2003 22:45:41 -0000
@@ -1981,6 +1981,12 @@
else
{
value = (value * radix) + nextVal;
+ // Guard against overflow.
+ if (value > 0x10FFFF) {
+ // Character reference was not in the valid range
+ emitError(XMLErrs::InvalidCharacterRef);
+ return false;
+ }
}
// Indicate that we got at least one good digit---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
