commit bab9b6d59cef84e57259e98b4b61cbc143c7d357
author Dmitry-Me <wipedout@yandex.ru> Sat Mar 14 16:41:46 2015 +0300
committer Dmitry-Me <wipedout@yandex.ru> Sat Mar 14 16:41:46 2015 +0300
tree 50ebe747db6c132c9f198eba14b4c631cbd8bc2f
parent 0f922e7c9af73d411646f7faddf909cc9c42ca0e

More asserts in numbers parsing

tinyxml2.cpp

diff --git a/tinyxml2.cpp b/tinyxml2.cpp
index ef00f13..32ad143 100755
--- a/tinyxml2.cpp
+++ b/tinyxml2.cpp
@@ -374,18 +374,23 @@
             --q;

 

             while ( *q != 'x' ) {

+                unsigned int digit;

                 if ( *q >= '0' && *q <= '9' ) {

-                    ucs += mult * (*q - '0');

+                    digit = *q - '0';

                 }

                 else if ( *q >= 'a' && *q <= 'f' ) {

-                    ucs += mult * (*q - 'a' + 10);

+                    digit = *q - 'a' + 10;

                 }

                 else if ( *q >= 'A' && *q <= 'F' ) {

-                    ucs += mult * (*q - 'A' + 10 );

+                    digit = *q - 'A' + 10;

                 }

                 else {

                     return 0;

                 }

+                TIXMLASSERT( digit == 0 || mult <= UINT_MAX / digit );

+                const unsigned int digitScaled = mult * digit;

+                TIXMLASSERT( ucs <= ULONG_MAX - digitScaled );

+                ucs += digitScaled;

                 TIXMLASSERT( mult <= UINT_MAX / 16 );

                 mult *= 16;

                 --q;

@@ -410,7 +415,11 @@
 

             while ( *q != '#' ) {

                 if ( *q >= '0' && *q <= '9' ) {

-                    ucs += mult * (*q - '0');

+                    const unsigned int digit = *q - '0';

+                    TIXMLASSERT( digit == 0 || mult <= UINT_MAX / digit );

+                    const unsigned int digitScaled = mult * digit;

+                    TIXMLASSERT( ucs <= ULONG_MAX - digitScaled );

+                    ucs += digitScaled;

                 }

                 else {

                     return 0;