From c7dce729f071fb47535a6f27f90fce7c279a2cd5 Mon Sep 17 00:00:00 2001
From: David Abram Cargill <cargilld@apache.org>
Date: Tue, 15 Nov 2005 13:10:30 +0000
Subject: [PATCH] Treat "+" and "-" as invalid numeric schema values.

git-svn-id: https://svn.apache.org/repos/asf/xerces/c/trunk@344362 13f79535-47bb-0310-9956-ffa450edef68
---
 src/xercesc/util/XMLAbstractDoubleFloat.cpp |  8 ++++++++
 src/xercesc/util/XMLBigDecimal.cpp          | 18 +++++++++++++++++-
 src/xercesc/util/XMLBigInteger.cpp          |  9 +++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/src/xercesc/util/XMLAbstractDoubleFloat.cpp b/src/xercesc/util/XMLAbstractDoubleFloat.cpp
index 734e06e38..8ba09b156 100644
--- a/src/xercesc/util/XMLAbstractDoubleFloat.cpp
+++ b/src/xercesc/util/XMLAbstractDoubleFloat.cpp
@@ -376,10 +376,18 @@ void XMLAbstractDoubleFloat::normalizeZero(XMLCh* const inData)
 	{
 		minusSeen = true;
 		srcStr++;
+        if (!*srcStr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, getMemoryManager());
+        }
 	}
 	else if (*srcStr == chPlus)
 	{
 		srcStr++;
+        if (!*srcStr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, getMemoryManager());
+        }
 	}
 
 	// scan the string
diff --git a/src/xercesc/util/XMLBigDecimal.cpp b/src/xercesc/util/XMLBigDecimal.cpp
index b2ebada72..f61852384 100644
--- a/src/xercesc/util/XMLBigDecimal.cpp
+++ b/src/xercesc/util/XMLBigDecimal.cpp
@@ -231,10 +231,18 @@ void  XMLBigDecimal::parseDecimal(const XMLCh* const toParse
     {
         sign = -1;
         startPtr++;
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
     else if (*startPtr == chPlus)
     {
-        startPtr++;
+        startPtr++;         
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
 
     // Strip leading zeros
@@ -321,10 +329,18 @@ void  XMLBigDecimal::parseDecimal(const XMLCh*         const toParse
     if (*startPtr == chDash)
     {
         startPtr++;
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
     else if (*startPtr == chPlus)
     {
         startPtr++;
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
 
     // Strip leading zeros
diff --git a/src/xercesc/util/XMLBigInteger.cpp b/src/xercesc/util/XMLBigInteger.cpp
index cf63836e2..cb4bbdfff 100644
--- a/src/xercesc/util/XMLBigInteger.cpp
+++ b/src/xercesc/util/XMLBigInteger.cpp
@@ -135,13 +135,22 @@ void XMLBigInteger::parseBigInteger(const XMLCh* const toConvert
     {
         signValue = -1;
         startPtr++;
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
     else if (*startPtr == chPlus)
     {
         // skip the '+'
         startPtr++;
+        if (startPtr == endPtr)
+        {
+            ThrowXMLwithMemMgr(NumberFormatException, XMLExcepts::XMLNUM_Inv_chars, manager);
+        }
     }
 
+
     // Scan past any leading zero.
     while (*startPtr == chDigit_0)
         startPtr++;
-- 
GitLab