[XERCESC-850] Scanner permits some invalid character references. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 2.5.0
Component/s: Miscellaneous
Labels:
None
Environment:
Operating System: All
Platform: All

Bugzilla Id:
18611

Description

Revision 1.40 of xercesc/internal/XMLScanner.cpp in CVS.

I haven't tested this, but just looking at the code, there's no check for
overflow when computing the value of a character reference.

Assuming an unsigned int is 32-bit, it looks like &#4294967296; (2^32) is going
to be treated as if it were �. This is a problem for any ref mod 2^32 (ref >
2^32 -1) which falls between 0x10000-0x10FFFF, and less than 0xFFFD.

See bool XMLScanner::scanCharRef(XMLCh& toFill, XMLCh& second).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ASF.LICENSE.NOT.GRANTED--xmlscanner.patch
22/Jul/03 03:36
0.8 kB
Michael Glavassevich

Activity

People

Assignee:: Unassigned

Reporter:: Michael Glavassevich

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 02/Apr/03 22:40

Updated:: 12/Mar/18 03:55

Resolved:: 09/Apr/04 16:34