diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c index 9c71cf36..19186ce3 100644 --- a/expat/tests/runtests.c +++ b/expat/tests/runtests.c @@ -8081,6 +8081,69 @@ START_TEST(test_alloc_long_doc_name) #undef MAX_ALLOC_COUNT END_TEST +START_TEST(test_alloc_long_base) +{ + const char *text = + "\n" + "]>\n" + "&e;"; + char entity_text[] = "Hello world"; + const char *base = + /* 64 characters per line */ + "LongBaseURI/that/will/overflow/an/internal/buffer/and/cause/it/t" + "o/have/to/grow/PQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/" + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789A/"; + int i; + #define MAX_ALLOC_COUNT 20 + int repeat = 0; + + for (i = 0; i < MAX_ALLOC_COUNT; i++) { + /* Repeat some counts to defeat cached allocations */ + if (i == 4 && repeat == 4) { + i -= 2; + repeat++; + } + else if ((i == 2 && repeat < 4) || + (i == 3 && repeat == 5) || + (i == 4 && repeat == 6)) { + i--; + repeat++; + } + allocation_count = i; + XML_SetUserData(parser, entity_text); + XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_ALWAYS); + XML_SetExternalEntityRefHandler(parser, external_entity_alloc); + if (XML_SetBase(parser, base) == XML_STATUS_ERROR) { + XML_ParserReset(parser, NULL); + continue; + } + if (_XML_Parse_SINGLE_BYTES(parser, text, strlen(text), + XML_TRUE) != XML_STATUS_ERROR) + break; + XML_ParserReset(parser, NULL); + } + if (i == 0) + fail("Parsing worked despite failing allocations"); + else if (i == MAX_ALLOC_COUNT) + fail("Parsing failed even at max allocation count"); +} +#undef MAX_ALLOC_COUNT +END_TEST + static void nsalloc_setup(void) @@ -9972,6 +10035,7 @@ make_suite(void) tcase_add_test(tc_alloc, test_alloc_realloc_ce_extends_pe); tcase_add_test(tc_alloc, test_alloc_realloc_attributes); tcase_add_test(tc_alloc, test_alloc_long_doc_name); + tcase_add_test(tc_alloc, test_alloc_long_base); suite_add_tcase(s, tc_nsalloc); tcase_add_checked_fixture(tc_nsalloc, nsalloc_setup, nsalloc_teardown);