LibXML: Fail gracefully on integer overflow in character references

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47738
Author: https://github.com/IdanHo Commit: 18d25124bf Pull-request: https://github.com/SerenityOS/serenity/pull/14546 Reviewed-by: https://github.com/alimpfard ✅
2025-07-29 12:19:54 +00:00 · 2022-07-10 19:48:02 +03:00 · 2022-07-10 19:48:02 +03:00 · 18d25124bf · 2024-07-17 09:31:44 +09:00
commit 18d25124bf
parent 1d96c30488
2 changed files with 14 additions and 5 deletions
--- a/Tests/LibXML/TestParser.cpp
+++ b/Tests/LibXML/TestParser.cpp
@ -20,3 +20,12 @@ TEST_CASE(char_data_ending)
        return Test::Crash::Failure::DidNotCrash;
    });
 }
+
+TEST_CASE(character_reference_integer_overflow)
+{
+    EXPECT_NO_CRASH("parsing character references that do not fit in 32 bits should not crash", [] {
+        XML::Parser parser("<G>&#6666666666");
+        (void)parser.parse();
+        return Test::Crash::Failure::DidNotCrash;
+    });
+}