Fix the potential overflow in char refs #1009
Conversation
|
github shows tab-identation with tab=8 while old code is indented by space (by 4). I think you can avoid this by adding .editorconfig file to the repo, or just use spaces consistently. :) WRT to code changes, LGTM, although I'm itching to simplify the implementation a bit, but that's more like personal bias to how manual parsers can be written... actually no, thinking about it, it's not just personal bias, your code can produce unexpected results for specially crafted inputs (not dangerous in security way, it would just produce ucs codepoint value within your limit but not matching the source file string, but my mind is a bit obsessed by code correctness). But if I write my version, I should probably test it if it compiles and works... argh... :D Are you open to such larger change suggestions and only if they are properly tested or is it worth just to propose untested code to you? Thank you for patience with me. ;) |
|
The fix wasn't quite correct - could overflow on bigger numbers. But - on the other hand - a bunch of leading zeros shouldn't cause a security problem. I think this is correct this time. |
|
@ped7g go easy on big changes - TinyXML2 is old code. It's not going to do anything new, although it's important to keep it running and safe. Point being, big changes don't generally do much but add risk. I'm certainly happy to look at an example PR of what you are thinking about. |
This lifts the tests from #1003 (which are quite nice.) The fix in #1003 was based on "not the best" code in TinyXML-2, so this cleans it up a bit, and attempts a tidier fix.