From 1a1828648f3c06580ffe7a9f78c557a9e73c5bcd Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Mon, 1 Apr 2024 20:42:27 +0300 Subject: Upgrade to 3.2.5 Note that this upstream version properly fixes the use-after-free error (CVE-2018-1311) triggered during the scanning of external DTDs (see https://issues.apache.org/jira/browse/XERCESC-2188 for details). --- libxerces-c/xercesc/util/XMLFloat.cpp | 101 +--------------------------------- 1 file changed, 1 insertion(+), 100 deletions(-) mode change 100644 => 120000 libxerces-c/xercesc/util/XMLFloat.cpp (limited to 'libxerces-c/xercesc/util/XMLFloat.cpp') diff --git a/libxerces-c/xercesc/util/XMLFloat.cpp b/libxerces-c/xercesc/util/XMLFloat.cpp deleted file mode 100644 index 600d2a7..0000000 --- a/libxerces-c/xercesc/util/XMLFloat.cpp +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * $Id$ - */ - -// --------------------------------------------------------------------------- -// Includes -// --------------------------------------------------------------------------- -#include -#include - -XERCES_CPP_NAMESPACE_BEGIN - -// --------------------------------------------------------------------------- -// ctor/dtor -// --------------------------------------------------------------------------- -XMLFloat::XMLFloat(const XMLCh* const strValue, - MemoryManager* const manager) -:XMLAbstractDoubleFloat(manager) -{ - init(strValue); -} - -XMLFloat::~XMLFloat() -{ -} - -void XMLFloat::checkBoundary(char* const strValue) -{ - convert(strValue); - - if (fDataConverted == false) - { - /** - * float related checking - */ - - // 3.2.4 The basic value space of float consists of the values m × 2^e, where - // m is an integer whose absolute value is less than 2^24, - // and e is an integer between -149 and 104, inclusive - static const double fltMin = pow(2.0,-149); - static const double fltMax = pow(2.0,24) * pow(2.0,104); - if (fValue < (-1) * fltMax) - { - fType = NegINF; - fDataConverted = true; - fDataOverflowed = true; - } - else if (fValue > (-1)*fltMin && fValue < 0) - { - fDataConverted = true; - fValue = 0; - } - else if (fValue > 0 && fValue < fltMin ) - { - fDataConverted = true; - fValue = 0; - } - else if (fValue > fltMax) - { - fType = PosINF; - fDataConverted = true; - fDataOverflowed = true; - } - } -} - -/*** - * Support for Serialization/De-serialization - ***/ - -IMPL_XSERIALIZABLE_TOCREATE(XMLFloat) - -XMLFloat::XMLFloat(MemoryManager* const manager) -:XMLAbstractDoubleFloat(manager) -{ -} - -void XMLFloat::serialize(XSerializeEngine& serEng) -{ - XMLAbstractDoubleFloat::serialize(serEng); -} - -XERCES_CPP_NAMESPACE_END diff --git a/libxerces-c/xercesc/util/XMLFloat.cpp b/libxerces-c/xercesc/util/XMLFloat.cpp new file mode 120000 index 0000000..aaee503 --- /dev/null +++ b/libxerces-c/xercesc/util/XMLFloat.cpp @@ -0,0 +1 @@ +../../../upstream/src/xercesc/util/XMLFloat.cpp \ No newline at end of file -- cgit v1.1