Check for integer overflow in xmlXPathFormatNumber

Check for overflow before casting double to int. Found with afl-fuzz and UBSan.
author: Nick Wellnhofer <wellnhofer@aevum.de> 2017-06-01 22:00:19 +0200
committer: Nick Wellnhofer <wellnhofer@aevum.de> 2017-06-01 22:00:19 +0200
commit: 7482f41f61d733656d588b4d8c300b1ecdff7f5f (patch)
tree: 7a8b8479071b88f931101e5f3cf11f822a7005a6 /result
parent: 863b57925a5a2cd45a12ceb935dd82a411ab746e (diff)
download: libxml2-7482f41f61d733656d588b4d8c300b1ecdff7f5f.tar.gz
2 files changed, 16 insertions, 0 deletions
diff --git a/result/XPath/expr/floats b/result/XPath/expr/floats
index b6255ce0..157bd767 100644
--- a/result/XPath/expr/floats
+++ b/result/XPath/expr/floats
@@ -242,3 +242,11 @@ Object is a number : -1
 ========================
 Expression: 8 mod 3 = 2
 Object is a Boolean : true
+
+========================
+Expression: 12345678901234567890
+Object is a number : 1.23457e+19
+
+========================
+Expression: -12345678901234567890
+Object is a number : -1.23457e+19
diff --git a/result/XPath/expr/strings b/result/XPath/expr/strings
index fad7048f..1ae5cc40 100644
--- a/result/XPath/expr/strings
+++ b/result/XPath/expr/strings
@@ -20,6 +20,14 @@ Expression: string(false())
 Object is a string : false
 
 ========================
+Expression: string(12345678901234567890)
+Object is a string : 1.23456789012346e+19
+
+========================
+Expression: string(-12345678901234567890)
+Object is a string : -1.23456789012346e+19
+
+========================
 Expression: concat("titi","toto")
 Object is a string : tititoto
author	Nick Wellnhofer <wellnhofer@aevum.de>	2017-06-01 22:00:19 +0200
committer	Nick Wellnhofer <wellnhofer@aevum.de>	2017-06-01 22:00:19 +0200
commit	7482f41f61d733656d588b4d8c300b1ecdff7f5f (patch)
tree	7a8b8479071b88f931101e5f3cf11f822a7005a6 /result
parent	863b57925a5a2cd45a12ceb935dd82a411ab746e (diff)
download	libxml2-7482f41f61d733656d588b4d8c300b1ecdff7f5f.tar.gz