authorSebastian Pipping <sebastian@pipping.org>2021-05-14 20:26:26 +0200
committerSebastian Pipping <sebastian@pipping.org>2021-05-14 20:46:09 +0200
commit77cfb8f4cd9679cef27ae9bc38e39ac51235af2d (patch)
tree1c43f83b7a73429c254502ec437c8f2eeacebc97
parent60959f2b491876199879d97c8ed956eabb0c2e73 (diff)
tests: Cover accounting of CDATA sections inside of general entities
-rw-r--r--expat/tests/runtests.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index 0e2b49fa..e3944561 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
@@ -11318,6 +11318,16 @@ START_TEST(test_accounting_precision) {
/* CDATA */
{"<e><![CDATA[one two three]]></e>", NULL, NULL, 0, filled_later},
+ /* The following is the essence of this OSS-Fuzz finding:
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34302
+ https://oss-fuzz.com/testcase-detail/4860575394955264
+ */
+ {"<!DOCTYPE r [\n"
+ "<!ENTITY e \"111<![CDATA[2 <= 2]]>333\">\n"
+ "]>\n"
+ "<r>&e;</r>\n",
+ NULL, NULL, sizeof(XML_Char) * strlen("111<![CDATA[2 <= 2]]>333"),
+ filled_later},
/* Conditional sections */
{"<!DOCTYPE r [\n"