From c6280f7b8a64804dad81f8624fe45583bfd5ccc6 Mon Sep 17 00:00:00 2001
From: reuk
Date: Wed, 17 Feb 2021 11:44:58 +0000
Subject: [PATCH] XmlElement: Fix rare crash when parsing truncated escape sequences
---
 modules/juce_core/xml/juce_XmlDocument.cpp | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/modules/juce_core/xml/juce_XmlDocument.cpp b/modules/juce_core/xml/juce_XmlDocument.cpp
index 69d2e796b6..f3ae54351c 100644
--- a/modules/juce_core/xml/juce_XmlDocument.cpp
+++ b/modules/juce_core/xml/juce_XmlDocument.cpp
@@ -684,7 +684,7 @@ void XmlDocument::readEntity (String& result)
 }
 else if (*input == '#')
 {
- int charCode = 0;
+ int64_t charCode = 0;
 ++input;
 
 if (*input == 'x' || *input == 'X')
@@ -712,15 +712,26 @@ void XmlDocument::readEntity (String& result)
 {
 int numChars = 0;
 
- while (input[0] != ';')
+ for (;;)
 {
+ const auto firstChar = input[0];
+
+ if (firstChar == 0)
+ {
+ setLastError ("unexpected end of input", true);
+ return;
+ }
+
+ if (firstChar == ';')
+ break;
+
 if (++numChars > 12)
 {
 setLastError ("illegal escape sequence", true);
 break;
 }
 
- charCode = charCode * 10 + ((int) firstChar - '0');
+ charCode = charCode * 10 + ((int) firstChar - '0');
 ++input;
 }
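Review bot: Widening `charCode` to `int64_t` keeps the accumulator from overflowing, but nothing visible here bounds the final value before it is used as a character. The code that consumes `charCode` is outside this hunk; if it narrows the value to the character type, anything above 0x10FFFF (which twelve decimal digits can reach) would presumably be truncated into an unrelated code point instead of being rejected. A range check before the append would close that, for example `if (charCode < 0 || charCode > 0x10ffff) { setLastError ("illegal escape sequence", true); return; }`. The declaration would also benefit from a comment such as `// 64-bit: twelve decimal digits must not overflow the accumulator`.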
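Review bot: The rewritten loop still folds any character other than NUL and ';' into `charCode` via `firstChar - '0'`, so a reference with a non-digit in it yields an arbitrary or negative value instead of a parse error. A digit guard ahead of the accumulation would reject it: `if (firstChar < '0' || firstChar > '9') { setLastError ("illegal escape sequence", true); return; }`. The `++numChars > 12` branch also still leaves with `break;` while the new end-of-input branch uses `return;`, so after that error control falls through to the code after the loop. That code is outside the hunk, and if it steps past an assumed ';' it would advance `input` on data that was never validated; `return;` there would match the new branch.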