Package: libxml2 Version: 2.9.4+dfsg1-8 Severity: important Parsing floating-point numbers give incorrect values:
$ echo '<a/>' | xmllint --xpath "string(1.0999999999999999)" - ; echo 1.1 This is incorrect because of the following. $ echo '<a/>' | xmllint --xpath "string(1.1)" - ; echo 1.1 Since they produce the same output, this would mean that 1.0999999999999999 and 1.1 correspond to the same double-precision value. But this is not the case: $ echo '<a/>' | xmllint --xpath "string(1.1 - 1.0999999999999999)" - ; echo 2.22044604925031e-16 This shows that 1.0999999999999999 and 1.1 are converted to different floating-point numbers, which is correct. This can also be checked with atof() in C: 1.0999999999999999 gives 0x1.1999999999999p+0 1.1 gives 0x1.199999999999ap+0 i.e. 2 different double-precision numbers. Thus the bug is in the string() function. I recall the XPath 1.0 spec: https://www.w3.org/TR/1999/REC-xpath-19991116/#section-String-Functions "otherwise, the number is represented in decimal form as a Number including a decimal point with at least one digit before the decimal point and at least one digit after the decimal point, preceded by a minus sign (-) if the number is negative; there must be no leading zeros before the decimal point apart possibly from the one required digit immediately before the decimal point; beyond the one required digit after the decimal point there must be as many, but only as many, more digits as are needed to uniquely distinguish the number from all other IEEE 754 numeric values." See the last requirement. Note that the libxml2 version in Debian is very old. I have not checked the latest upstream version. -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.3.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=POSIX (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libxml2 depends on: ii libc6 2.29-6 ii libicu63 63.2-2 ii liblzma5 5.2.4-1+b1 ii zlib1g 1:1.2.11.dfsg-1+b1 libxml2 recommends no packages. libxml2 suggests no packages. -- no debconf information
