Disallow deep or widely nested entity references.old/5.1

Nested entities with a depth of 2 or more will fail. Entities
that fully expand to more than 1024 characters will also fail.

Change-Id: I75525bc1edfa796c4db30a5109fe21011ad43a2d
Reviewed-by: Richard J. Moore <rich@kde.org>
Reviewed-by: Lars Knoll <lars.knoll@digia.com>
(cherries picked from commits 46a8885ae486e238a39efa5119c2714f328b08e4
and f1053d94f59f053ce4acad9320df14f1fbe4faac)

1 files changed, 58 insertions, 0 deletions

diff --git a/tests/auto/xml/sax/qxmlsimplereader/tst_qxmlsimplereader.cpp b/tests/auto/xml/sax/qxmlsimplereader/tst_qxmlsimplereader.cpp
index d4c0ff44ca..d6ad8674f3 100644
--- a/tests/auto/xml/sax/qxmlsimplereader/tst_qxmlsimplereader.cpp
+++ b/tests/auto/xml/sax/qxmlsimplereader/tst_qxmlsimplereader.cpp
@@ -160,6 +160,7 @@ class tst_QXmlSimpleReader : public QObject
         void reportNamespace() const;
         void reportNamespace_data() const;
         void roundtripWithNamespaces() const;
+        void dtdRecursionLimit();
 
     private:
         static QDomDocument fromByteArray(const QString &title, const QByteArray &ba, bool *ok);
@@ -770,5 +771,62 @@ void tst_QXmlSimpleReader::roundtripWithNamespaces() const
     }
 }
 
+class TestHandler : public QXmlDefaultHandler
+{
+public:
+    TestHandler() :
+        recursionCount(0)
+    {
+    }
+
+    bool internalEntityDecl(const QString &name, const QString &value)
+    {
+        ++recursionCount;
+        return QXmlDefaultHandler::internalEntityDecl(name, value);
+    }
+
+    int recursionCount;
+};
+
+void tst_QXmlSimpleReader::dtdRecursionLimit()
+{
+    QFile file("xmldocs/2-levels-nested-dtd.xml");
+    QVERIFY(file.open(QIODevice::ReadOnly));
+    QXmlSimpleReader xmlReader;
+    {
+        QXmlInputSource *source = new QXmlInputSource(&file);
+        TestHandler handler;
+        xmlReader.setDeclHandler(&handler);
+        xmlReader.setErrorHandler(&handler);
+        QVERIFY(!xmlReader.parse(source));
+    }
+
+    file.close();
+    file.setFileName("xmldocs/1-levels-nested-dtd.xml");
+    QVERIFY(file.open(QIODevice::ReadOnly));
+    {
+        QXmlInputSource *source = new QXmlInputSource(&file);
+        TestHandler handler;
+        xmlReader.setDeclHandler(&handler);
+        xmlReader.setErrorHandler(&handler);
+        QVERIFY(!xmlReader.parse(source));
+        // The error wasn't because of the recursion limit being reached,
+        // it was because the document is not valid.
+        QVERIFY(handler.recursionCount < 2);
+    }
+
+    file.close();
+    file.setFileName("xmldocs/internal-entity-polynomial-attribute.xml");
+    QVERIFY(file.open(QIODevice::ReadOnly));
+    {
+        QXmlInputSource *source = new QXmlInputSource(&file);
+        TestHandler handler;
+        xmlReader.setDeclHandler(&handler);
+        xmlReader.setErrorHandler(&handler);
+        QVERIFY(!xmlReader.parse(source));
+        QCOMPARE(handler.recursionCount, 2);
+    }
+}
+
 QTEST_MAIN(tst_QXmlSimpleReader)
 #include "tst_qxmlsimplereader.moc"