76 lines
2.4 KiB
Diff
76 lines
2.4 KiB
Diff
From 405034286fbdd6166229335b7203a41bf53b40fc Mon Sep 17 00:00:00 2001
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
|
Date: Sun, 10 Apr 2016 13:11:31 +0200
|
|
Subject: [PATCH] Lower bound for format token "a"
|
|
|
|
Handle xsl:number with format "a" and value 0 according to XSLT 2.0.
|
|
|
|
Fixes an OOB array access in xsltNumberFormatAlpha.
|
|
---
|
|
libxslt/numbers.c | 33 ++++++++++++++++++++++++---------
|
|
1 file changed, 24 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/libxslt/numbers.c b/libxslt/numbers.c
|
|
index a3cabcf..af52883 100644
|
|
--- a/libxslt/numbers.c
|
|
+++ b/libxslt/numbers.c
|
|
@@ -227,7 +227,8 @@ xsltNumberFormatDecimal(xmlBufferPtr buffer,
|
|
}
|
|
|
|
static void
|
|
-xsltNumberFormatAlpha(xmlBufferPtr buffer,
|
|
+xsltNumberFormatAlpha(xsltNumberDataPtr data,
|
|
+ xmlBufferPtr buffer,
|
|
double number,
|
|
int is_upper)
|
|
{
|
|
@@ -237,6 +238,26 @@ xsltNumberFormatAlpha(xmlBufferPtr buffer,
|
|
char *alpha_list;
|
|
double alpha_size = (double)(sizeof(alpha_upper_list) - 1);
|
|
|
|
+ /*
|
|
+ * XSLT 1.0 isn't clear on how to handle zero, but XSLT 2.0 says:
|
|
+ *
|
|
+ * For all format tokens other than the first kind above (one that
|
|
+ * consists of decimal digits), there may be implementation-defined
|
|
+ * lower and upper bounds on the range of numbers that can be
|
|
+ * formatted using this format token; indeed, for some numbering
|
|
+ * sequences there may be intrinsic limits. [...] Numbers that fall
|
|
+ * outside this range must be formatted using the format token 1.
|
|
+ *
|
|
+ * The "a" token has an intrinsic lower limit of 1.
|
|
+ */
|
|
+ if (number < 1.0) {
|
|
+ xsltNumberFormatDecimal(buffer, number, '0', 1,
|
|
+ data->digitsPerGroup,
|
|
+ data->groupingCharacter,
|
|
+ data->groupingCharacterLen);
|
|
+ return;
|
|
+ }
|
|
+
|
|
/* Build buffer from back */
|
|
pointer = &temp_string[sizeof(temp_string)];
|
|
*(--pointer) = 0;
|
|
@@ -500,16 +521,10 @@ xsltNumberFormatInsertNumbers(xsltNumberDataPtr data,
|
|
|
|
switch (token->token) {
|
|
case 'A':
|
|
- xsltNumberFormatAlpha(buffer,
|
|
- number,
|
|
- TRUE);
|
|
-
|
|
+ xsltNumberFormatAlpha(data, buffer, number, TRUE);
|
|
break;
|
|
case 'a':
|
|
- xsltNumberFormatAlpha(buffer,
|
|
- number,
|
|
- FALSE);
|
|
-
|
|
+ xsltNumberFormatAlpha(data, buffer, number, FALSE);
|
|
break;
|
|
case 'I':
|
|
xsltNumberFormatRoman(buffer,
|
|
--
|
|
2.8.1
|
|
|