diff --git a/src/test/java/wstxtest/fuzz/Fuzz_DTDReadTest.java b/src/test/java/wstxtest/fuzz/Fuzz_DTDReadTest.java new file mode 100644 index 00000000..b42cffdc --- /dev/null +++ b/src/test/java/wstxtest/fuzz/Fuzz_DTDReadTest.java @@ -0,0 +1,59 @@ +package wstxtest.fuzz; + +import com.ctc.wstx.exc.WstxLazyException; +import com.ctc.wstx.stax.WstxInputFactory; +import org.codehaus.stax2.io.Stax2ByteArraySource; +import wstxtest.stream.BaseStreamTest; + +import javax.xml.stream.XMLStreamReader; +import java.io.ByteArrayInputStream; +import java.io.InputStreamReader; +import java.io.Reader; + +public class Fuzz_DTDReadTest extends BaseStreamTest +{ + private final byte[] DOC = readResource("/fuzz/clusterfuzz-testcase-modified-XmlFuzzer-5219006592450560.txt"); + + private final WstxInputFactory STAX_F = getWstxInputFactory(); + + public void testIssueInputStream() throws Exception + { + XMLStreamReader sr = STAX_F.createXMLStreamReader(new ByteArrayInputStream(DOC)); + try { + streamThrough(sr); + fail("Should not pass"); + } catch (WstxLazyException e) { + verifyException(e, "FullDTDReader has reached recursion depth limit of 500"); + } + sr.close(); + } + + public void testIssueReader() throws Exception + { + Reader r = new InputStreamReader(new ByteArrayInputStream(DOC), + "UTF-8"); + XMLStreamReader sr = STAX_F.createXMLStreamReader(r); + try { + streamThrough(sr); + fail("Should not pass"); + } catch (WstxLazyException e) { + verifyException(e, "FullDTDReader has reached recursion depth limit of 500"); + } + sr.close(); + } + + public void testIssueStax2ByteArray() throws Exception + { + // Then "native" Byte array + Stax2ByteArraySource src = new Stax2ByteArraySource(DOC, 0, DOC.length); + XMLStreamReader sr = STAX_F.createXMLStreamReader(src); + try { + streamThrough(sr); + fail("Should not pass"); + } catch (WstxLazyException e) { + verifyException(e, "FullDTDReader has reached recursion depth limit of 500"); + } + sr.close(); + } +} + diff --git a/src/test/resources/fuzz/clusterfuzz-testcase-modified-XmlFuzzer-5219006592450560.txt b/src/test/resources/fuzz/clusterfuzz-testcase-modified-XmlFuzzer-5219006592450560.txt new file mode 100644 index 00000000..f39ad261 --- /dev/null +++ b/src/test/resources/fuzz/clusterfuzz-testcase-modified-XmlFuzzer-5219006592450560.txt @@ -0,0 +1 @@ +