tinyxml2 icon indicating copy to clipboard operation
tinyxml2 copied to clipboard

Published 20 hours ago verified publisher icon leethomason

Bad overflow management in QueryUnsignedAttribute

Open mr-potato-head opened this issue 6 years ago • 1 comments

When I try to parse 10 000 000 000 (hex : 2 540B E400) with QueryUnsignedAttribute I get 1 410 065 408 (hex : 540B E400).

I was expecting 4 294 967 295 (hex : FFFF FFFF), max value for uint32_t (unsigned int) or better XML_ERROR.

I think this is really dangerous, no ?

Note : I work on a Linux Lubuntu 64 Bits / G++ compiler.

Thanks for all the work done on this beautiful library.

mr-potato-head avatar Dec 20 '18 09:12 mr-potato-head

https://stackoverflow.com/questions/28007600/detecting-integral-overflow-with-scanf Looks like sscanf() yields undefined behavior if the value being parsed cannot fit into the variable.

Dmitry-Me avatar Dec 26 '18 22:12 Dmitry-Me