LibXML: Fail gracefully on integer overflow in character references

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47738
2025-07-25 06:07:34 +00:00 · 2022-07-10 19:48:02 +03:00 · 2022-07-10 19:48:02 +03:00 · 18d25124bf
commit 18d25124bf
parent 1d96c30488
2 changed files with 14 additions and 5 deletions
--- a/Tests/LibXML/TestParser.cpp
+++ b/Tests/LibXML/TestParser.cpp
@ -20,3 +20,12 @@ TEST_CASE(char_data_ending)
        return Test::Crash::Failure::DidNotCrash;
    });
 }
+
+TEST_CASE(character_reference_integer_overflow)
+{
+    EXPECT_NO_CRASH("parsing character references that do not fit in 32 bits should not crash", [] {
+        XML::Parser parser("<G>&#6666666666");
+        (void)parser.parse();
+        return Test::Crash::Failure::DidNotCrash;
+    });
+}