Perf increase when attribute name is packed with thousands of nullchars

Fixes #1580 for attribute names

CHANGES

@@ -14,7 +14,7 @@ jsoup changelog
   * Bugfix: updated the HtmlTreeParser resetInsertionMode to the current spec for supported elements
     <https://github.com/jhy/jsoup/issues/1491>
 
-  * Bugfix [Fuzz]: fixed a slow parse when a tag has thousands of null characters in it.
+  * Bugfix [Fuzz]: fixed a slow parse when a tag or an attribute name has thousands of null characters in it.
     <https://github.com/jhy/jsoup/issues/1580>
 
   * Bugfix [Fuzz]: the adoption agency algorithm can have an incorrect bookmark position

src/main/java/org/jsoup/parser/Token.java

@@ -181,6 +181,8 @@ final void appendTagName(char append) {
         }
 
         final void appendAttributeName(String append) {
+            // might have null chars because we eat in one pass - need to replace with null replacement character
+            append = append.replace(TokeniserState.nullChar, Tokeniser.replacementChar);
             pendingAttributeName = pendingAttributeName == null ? append : pendingAttributeName.concat(append);
         }
 

src/main/java/org/jsoup/parser/TokeniserState.java

@@ -144,7 +144,6 @@ void read(Tokeniser t, CharacterReader r) {
         // from < or </ in data, will have start or end tag pending
         void read(Tokeniser t, CharacterReader r) {
             // previous TagOpen state did NOT consume, will have a letter char in current
-            //String tagName = r.consumeToAnySorted(tagCharsSorted).toLowerCase();
             String tagName = r.consumeTagName();
             t.tagPending.appendTagName(tagName);
 
@@ -608,7 +607,7 @@ void read(Tokeniser t, CharacterReader r) {
     AttributeName {
         // from before attribute name
         void read(Tokeniser t, CharacterReader r) {
-            String name = r.consumeToAnySorted(attributeNameCharsSorted);
+            String name = r.consumeToAnySorted(attributeNameCharsSorted); // spec deviate - consume and emit nulls in one hit vs stepping
             t.tagPending.appendAttributeName(name);
 
             char c = r.consume();
@@ -630,10 +629,6 @@ void read(Tokeniser t, CharacterReader r) {
                     t.emitTagPending();
                     t.transition(Data);
                     break;
-                case nullChar:
-                    t.error(this);
-                    t.tagPending.appendAttributeName(replacementChar);
-                    break;
                 case eof:
                     t.eofError(this);
                     t.transition(Data);
@@ -1631,7 +1626,7 @@ void read(Tokeniser t, CharacterReader r) {
 
     static final char nullChar = '\u0000';
     // char searches. must be sorted, used in inSorted. MUST update TokenisetStateTest if more arrays are added.
-    static final char[] attributeNameCharsSorted = new char[]{nullChar, '\t', '\n', '\f', '\r', ' ', '"', '\'', '/', '<', '=', '>'};
+    static final char[] attributeNameCharsSorted = new char[]{'\t', '\n', '\f', '\r', ' ', '"', '\'', '/', '<', '=', '>'};
     static final char[] attributeValueUnquoted = new char[]{nullChar, '\t', '\n', '\f', '\r', ' ', '"', '&', '\'', '<', '=', '>', '`'};
 
     private static final char replacementChar = Tokeniser.replacementChar;

src/test/java/org/jsoup/integration/FuzzFixesTest.java

@@ -104,12 +104,22 @@ public void scope1579() {
     @Test
     public void overflow1577() throws IOException {
         // https://github.com/jhy/jsoup/issues/1577
-        // no repro - fixed elsewhere?
         File in = ParseTest.getFile("/fuzztests/1577.html.gz");
         Document doc = Jsoup.parse(in, "UTF-8");
         assertNotNull(doc);
 
         Document docXml = Jsoup.parse(new FileInputStream(in), "UTF-8", "https://example.com", Parser.xmlParser());
         assertNotNull(docXml);
     }
+
+    @Test
+    public void parseTimeout36150() throws IOException {
+        File in = ParseTest.getFile("/fuzztests/1580-attrname.html.gz");
+        // pretty much 1MB of null chars in text head
+        Document doc = Jsoup.parse(in, "UTF-8");
+        assertNotNull(doc);
+
+        Document docXml = Jsoup.parse(new FileInputStream(in), "UTF-8", "https://example.com", Parser.xmlParser());
+        assertNotNull(docXml);
+    }
 }