]> granicus.if.org Git - libexpat/commitdiff
Test long entity value and external entity with duff allocator
authorRhodri James <rhodri@kynesim.co.uk>
Fri, 5 May 2017 14:21:00 +0000 (15:21 +0100)
committerSebastian Pipping <sebastian@pipping.org>
Sat, 22 Jul 2017 20:49:16 +0000 (22:49 +0200)
expat/tests/runtests.c

index 258299d221506ddb499a1c5d491be98f72d5e671..43c97b9118f202d1725724b472be1798814a491e 100644 (file)
@@ -8203,6 +8203,67 @@ START_TEST(test_alloc_long_public_id)
 #undef MAX_ALLOC_COUNT
 END_TEST
 
+START_TEST(test_alloc_long_entity_value)
+{
+    const char *text =
+        "<!DOCTYPE doc [\n"
+        "  <!ENTITY e1 '"
+        /* 64 characters per line */
+        "Long entity value that should provoke a string pool to grow whil"
+        "e setting up to parse the external entity below. xyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789AB"
+        "'>\n"
+        "  <!ENTITY e2 SYSTEM 'bar'>\n"
+        "]>\n"
+        "<doc>&e2;</doc>";
+    char entity_text[] = "Hello world";
+    int i;
+#define MAX_ALLOC_COUNT 20
+    int repeat = 0;
+
+    for (i = 0; i < MAX_ALLOC_COUNT; i++) {
+        /* Repeat certain counts to defeat cached allocations */
+        if (i == 5 && repeat == 4) {
+            i -= 2;
+            repeat++;
+        }
+        else if ((i == 2 && repeat < 3) ||
+                 (i == 3 && repeat == 3) ||
+                 (i == 4 && repeat == 5) ||
+                 (i == 5 && repeat == 6)) {
+            i--;
+            repeat++;
+        }
+        allocation_count = i;
+        XML_SetUserData(parser, entity_text);
+        XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS);
+        XML_SetExternalEntityRefHandler(parser, external_entity_alloc);
+        if (_XML_Parse_SINGLE_BYTES(parser, text, strlen(text),
+                                    XML_TRUE) != XML_STATUS_ERROR)
+            break;
+        XML_ParserReset(parser, NULL);
+    }
+    if (i == 0)
+        fail("Parsing worked despite failing allocations");
+    else if (i == MAX_ALLOC_COUNT)
+        fail("Parsing failed even at max allocation count");
+}
+#undef MAX_ALLOC_COUNT
+END_TEST
+
 
 static void
 nsalloc_setup(void)
@@ -10096,6 +10157,7 @@ make_suite(void)
     tcase_add_test(tc_alloc, test_alloc_long_doc_name);
     tcase_add_test(tc_alloc, test_alloc_long_base);
     tcase_add_test(tc_alloc, test_alloc_long_public_id);
+    tcase_add_test(tc_alloc, test_alloc_long_entity_value);
 
     suite_add_tcase(s, tc_nsalloc);
     tcase_add_checked_fixture(tc_nsalloc, nsalloc_setup, nsalloc_teardown);