XmlElement: Fix rare crash when parsing truncated escape sequences

2026-01-10 23:44:24 +00:00 · 2021-02-17 11:44:58 +00:00 · 2021-02-17 11:44:58 +00:00 · c6280f7b8a
commit c6280f7b8a
parent 64b9366e8f
1 changed files with 14 additions and 3 deletions
--- a/modules/juce_core/xml/juce_XmlDocument.cpp
+++ b/modules/juce_core/xml/juce_XmlDocument.cpp
@ -684,7 +684,7 @@ void XmlDocument::readEntity (String& result)
    }
    else if (*input == '#')
    {
-        int charCode = 0;
+        int64_t charCode = 0;
        ++input;

        if (*input == 'x' || *input == 'X')
@ -712,15 +712,26 @@ void XmlDocument::readEntity (String& result)
        {
            int numChars = 0;

-            while (input[0] != ';')
+            for (;;)
            {
+                const auto firstChar = input[0];
+
+                if (firstChar == 0)
+                {
+                    setLastError ("unexpected end of input", true);
+                    return;
+                }
+
+                if (firstChar == ';')
+                    break;
+
                if (++numChars > 12)
                {
                    setLastError ("illegal escape sequence", true);
                    break;
                }

-                charCode = charCode * 10 + ((int) input[0] - '0');
+                charCode = charCode * 10 + ((int) firstChar - '0');
                ++input;
            }