Re: [xml] "double"s and schema validation

From: Daniel Veillard <veillard redhat com>
To: Csaba Raduly <rcsaba gmail com>
Cc: xml gnome org
Subject: Re: [xml] "double"s and schema validation
Date: Wed, 28 Jul 2010 11:44:30 +0200

On Thu, Jul 22, 2010 at 02:38:16PM +0200, Csaba Raduly wrote:

On Wed, Jul 21, 2010 at 6:19 PM, Andrew W. Nosenko  wrote:

On Wed, Jul 21, 2010 at 14:23, Csaba Raduly wrote:

On Tue, Jul 20, 2010 at 3:40 AM, Dan Sommers  wrote:

...

I tracked it down to xmlschematypes.c, starting around line 2465, where
it starts scanning the input for something suitable for sscanf("%lf").
Should that code contain an extra check that there is at least one digit
somewhere?


I think you are right. This code:
               while ((*cur >= '0') && (*cur <= '9')) {
                   cur++;
               }
accepts 0 or more digits (before the period); perhaps it should check
for 1 or more digits instead:


No!  The case like ".5" instead of "0.5" is perfectly valid and widely used!
Whether the "." or "e" are valid string representation of the "double"
type or should be rejected -- it's another matter.  But zero digits
before dot are absolutely correct and should be allowed.


Just because it's widely used it doesn't mean that it is "absolutely correct" :)
(Also, the rules for what's a valid float in C may not be the same for XSD)

Anyway, here's a revised version:
--- xmlschemastypes2.c  2010-07-21 13:17:12.229467800 +0200
+++ xmlschemastypes.c   2010-07-22 14:00:05.965759600 +0200
@@ -2392,6 +2392,8 @@
         case XML_SCHEMAS_DOUBLE:{
                 const xmlChar *cur = value;
                 int neg = 0;
+                int digits_before = 0;
+                int digits_after  = 0;

         if (normOnTheFly)
             while IS_WSP_BLANK_CH(*cur) cur++;
@@ -2463,13 +2465,16 @@
                 if ((cur[0] == 0) || (cur[0] == '+') || (cur[0] == '-'))
                     goto return1;
                 while ((*cur >= '0') && (*cur <= '9')) {
-                    cur++;
+                    digits_before++; cur++;
                 }
                 if (*cur == '.') {
                     cur++;
-                    while ((*cur >= '0') && (*cur <= '9'))
-                        cur++;
+                    while ((*cur >= '0') && (*cur <= '9')) {
+                        digits_after++; cur++;
+                    }
                 }
+                if (digits_before + digits_after == 0)
+                    goto return1;
                 if ((*cur == 'e') || (*cur == 'E')) {
                     cur++;
                     if ((*cur == '-') || (*cur == '+'))


  Okay that patch looks fine, except for mail mangling and code format,
so I applied it manually, look fine, passes regtests, so pushed to git,

 thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel veillard com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

Follow-Ups:
- Re: [xml] "double"s and schema validation
  - From: Csaba Raduly

References:
- [xml] "double"s and schema validation
  - From: Dan Sommers
- Re: [xml] "double"s and schema validation
  - From: Csaba Raduly
- Re: [xml] "double"s and schema validation
  - From: Andrew W. Nosenko
- Re: [xml] "double"s and schema validation
  - From: Csaba Raduly

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]