Test unknown encoding conversion buffer overflow on convert()
authorRhodri James <rhodri@kynesim.co.uk>
Fri, 9 Jun 2017 11:32:32 +0000 (12:32 +0100)
committerSebastian Pipping <sebastian@pipping.org>
Sat, 22 Jul 2017 20:49:17 +0000 (22:49 +0200)
expat/tests/runtests.c

index 2a3b9669bfc6387823ee4344d3e6e0f820bb3a98..c209a27f5bd1ba6250b2f1034e3977267b02c62b 100644 (file)
@@ -5398,6 +5398,31 @@ START_TEST(test_unknown_encoding_bad_name_2)
 }
 END_TEST
 
+/* Test element name that is long enough to fill the conversion buffer
+ * in an unknown encoding, finishing with an encoded character.
+ */
+START_TEST(test_unknown_encoding_long_name_1)
+{
+    const char *text =
+        "<?xml version='1.0' encoding='experimental'?>\n"
+        "<abcdefghabcdefghabcdefghijkl\x80m\x80n\x80o\x80p>"
+        "Hi"
+        "</abcdefghabcdefghabcdefghijkl\x80m\x80n\x80o\x80p>";
+    const XML_Char *expected = "abcdefghabcdefghabcdefghijklmnop";
+    CharData storage;
+
+    CharData_Init(&storage);
+    XML_SetUnknownEncodingHandler(parser, BadEncodingHandler,
+                                  (void *)PREFIX_CONVERTER);
+    XML_SetStartElementHandler(parser, record_element_start_handler);
+    XML_SetUserData(parser, &storage);
+    if (_XML_Parse_SINGLE_BYTES(parser, text, strlen(text),
+                                XML_TRUE) == XML_STATUS_ERROR)
+        xml_failure(parser);
+    CharData_CheckXMLChars(&storage, expected);
+}
+END_TEST
+
 /* Be tidy */
 #undef NO_CONVERTER
 #undef FAILING_CONVERTER
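Review bot: The comment above test_unknown_encoding_long_name_1 says the name is "long enough to fill the conversion buffer" but never states which buffer or what size the 32-character converted name is tuned to. If that internal size changes, the test would keep passing while no longer reaching the boundary it was written to guard. I would extend the comment along the lines of `/* Converted name is 32 characters, sized to the conversion buffer in the tokenizer (confirm constant); revisit if that size changes. */`. The only check is CharData_CheckXMLChars on the recorded name, so an overrun that leaves the name intact would presumably pass unless the suite runs under a memory checker such as AddressSanitizer or Valgrind; the comment should say so. A one-line remark that the bytes after each `\x80` are deliberately non-hex letters (m, n, o, p) would also stop a later edit from silently merging them into the hex escape.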
@@ -10664,6 +10689,7 @@ make_suite(void)
     tcase_add_test(tc_basic, test_unknown_encoding_success);
     tcase_add_test(tc_basic, test_unknown_encoding_bad_name);
     tcase_add_test(tc_basic, test_unknown_encoding_bad_name_2);
+    tcase_add_test(tc_basic, test_unknown_encoding_long_name_1);
 
     suite_add_tcase(s, tc_namespace);
     tcase_add_checked_fixture(tc_namespace,