[PATCH v3 2/3] xmllite: Whitespace node not returned when followed by invalid character.

[Nikolay Sivov]

On 12/5/19 10:53 PM, Jeff Smith wrote:
> Signed-off-by: Jeff Smith <whydoubt at gmail.com>
> ---
>   dlls/xmllite/reader.c       | 12 ++++++++++--
>   dlls/xmllite/tests/reader.c |  2 --
>   2 files changed, 10 insertions(+), 4 deletions(-)
>
> diff --git a/dlls/xmllite/reader.c b/dlls/xmllite/reader.c
> index eddc4d8eec..79e5c2253a 100644
> --- a/dlls/xmllite/reader.c
> +++ b/dlls/xmllite/reader.c
> @@ -1113,8 +1113,8 @@ static inline UINT reader_get_cur(xmlreader *reader)
>   static inline WCHAR *reader_get_ptr(xmlreader *reader)
>   {
>       encoded_buffer *buffer = &reader->input->buffer->utf16;
> -    WCHAR *ptr = (WCHAR*)buffer->data + buffer->cur;
> -    if (!*ptr) reader_more(reader);
> +    if (buffer->cur*sizeof(WCHAR) >= buffer->written)
> +        reader_more(reader);
>       return (WCHAR*)buffer->data + buffer->cur;
>   }
Why do you need to change that? It's used everywhere.
>   
> @@ -1714,8 +1714,16 @@ static HRESULT reader_parse_whitespace(xmlreader *reader)
>       {
>           strval value;
>           UINT start;
> +        const encoded_buffer *buffer = &reader->input->buffer->utf16;
>   
>           reader_skipspaces(reader);
> +
> +        /* Do NOT return Whitespace node if followed by a character other than '<'.
> +         * The reader_skipspaces call should have already read in the character. */
> +        if (buffer->cur*sizeof(WCHAR) < buffer->written &&
> +                *reader_get_ptr2(reader, buffer->cur) != '<')
> +            return WC_E_SYNTAX;
> +
Buffer access should not be exposed like that.
>           if (is_reader_pending(reader)) return S_OK;
>   
>           start = reader->resume[XmlReadResume_Body];
> diff --git a/dlls/xmllite/tests/reader.c b/dlls/xmllite/tests/reader.c
> index 88b9103e1e..b02301907d 100644
> --- a/dlls/xmllite/tests/reader.c
> +++ b/dlls/xmllite/tests/reader.c
> @@ -1064,10 +1064,8 @@ todo_wine
>   
>       type = -1;
>       hr = IXmlReader_Read(reader, &type);
> -todo_wine {
>       ok(hr == WC_E_SYNTAX || broken(hr == WC_E_XMLCHARACTER), "expected WC_E_SYNTAX, got 0x%08x\n", hr);
>       ok(type == XmlNodeType_None, "expected XmlNodeType_None, got %s\n", type_to_str(type));
> -}
>   
>       stream = create_stream_on_data(xml_comment, sizeof(xml_comment));
>       hr = IXmlReader_SetInput(reader, (IUnknown *)stream);