diff options
author | Sebastian Pipping <sebastian@pipping.org> | 2021-05-14 20:26:26 +0200 |
---|---|---|
committer | Sebastian Pipping <sebastian@pipping.org> | 2021-05-14 20:46:09 +0200 |
commit | 77cfb8f4cd9679cef27ae9bc38e39ac51235af2d (patch) | |
tree | 1c43f83b7a73429c254502ec437c8f2eeacebc97 | |
parent | 60959f2b491876199879d97c8ed956eabb0c2e73 (diff) | |
download | libexpat-git-77cfb8f4cd9679cef27ae9bc38e39ac51235af2d.tar.gz |
tests: Cover accounting of CDATA sections inside of general entities
-rw-r--r-- | expat/tests/runtests.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c index 0e2b49fa..e3944561 100644 --- a/expat/tests/runtests.c +++ b/expat/tests/runtests.c @@ -11318,6 +11318,16 @@ START_TEST(test_accounting_precision) { /* CDATA */ {"<e><![CDATA[one two three]]></e>", NULL, NULL, 0, filled_later}, + /* The following is the essence of this OSS-Fuzz finding: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34302 + https://oss-fuzz.com/testcase-detail/4860575394955264 + */ + {"<!DOCTYPE r [\n" + "<!ENTITY e \"111<![CDATA[2 <= 2]]>333\">\n" + "]>\n" + "<r>&e;</r>\n", + NULL, NULL, sizeof(XML_Char) * strlen("111<![CDATA[2 <= 2]]>333"), + filled_later}, /* Conditional sections */ {"<!DOCTYPE r [\n" |