Commit 91d0540a authored by Nick Wellnhofer's avatar Nick Wellnhofer

Lower and upper bound for format token "i"

Handle xsl:number with format "i" and value 0 according to XSLT 2.0.

Also introduce an upper bound to fix a denial of service.
parent 40503428
......@@ -274,10 +274,23 @@ xsltNumberFormatAlpha(xsltNumberDataPtr data,
}
static void
xsltNumberFormatRoman(xmlBufferPtr buffer,
xsltNumberFormatRoman(xsltNumberDataPtr data,
xmlBufferPtr buffer,
double number,
int is_upper)
{
/*
* See discussion in xsltNumberFormatAlpha. Also use a reasonable upper
* bound to avoid denial of service.
*/
if (number < 1.0 || number > 5000.0) {
xsltNumberFormatDecimal(buffer, number, '0', 1,
data->digitsPerGroup,
data->groupingCharacter,
data->groupingCharacterLen);
return;
}
/*
* Based on an example by Jim Walsh
*/
......@@ -527,16 +540,10 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
xsltNumberFormatAlpha(data, buffer, number, FALSE);
break;
case 'I':
xsltNumberFormatRoman(buffer,
number,
TRUE);
xsltNumberFormatRoman(data, buffer, number, TRUE);
break;
case 'i':
xsltNumberFormatRoman(buffer,
number,
FALSE);
xsltNumberFormatRoman(data, buffer, number, FALSE);
break;
default:
if (IS_DIGIT_ZERO(token->token)) {
......
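Review bot: The new guard at the top of xsltNumberFormatRoman, `if (number < 1.0 || number > 5000.0)`, is written as a rejection test, so a NaN compares false on both sides and falls through to the Roman conversion. Unless the caller already filters NaN (not visible on this page), the accepting form `if (!(number >= 1.0 && number <= 5000.0))` closes that gap and leaves every ordinary value handled as before. The limit 5000.0 is also a bare literal whose choice the comment does not explain; a named constant such as `#define XSLT_ROMAN_MAX 5000.0 /* larger values are formatted as decimal */` would make the denial-of-service bound easier to audit and to keep in step with any test that exercises it. The body of xsltNumberFormatRoman continues past the hunk, so what happens to a value that slips past the guard cannot be confirmed from here.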