Fix an error in the Deserializer::read_to_end when feature "overlap…

…ped-lists" is enabled
tafia · Dec 26, 2022 · 88455b4 · 88455b4
1 parent 75ae6c7
commit 88455b4
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -16,6 +16,8 @@
 
 - [#530]: Fix an infinite loop leading to unbounded memory consumption that occurs when
   skipping events on malformed XML with the `overlapped-lists` feature active.
+- [#530]: Fix an error in the `Deserializer::read_to_end` when `overlapped-lists`
+  feature is active and malformed XML is parsed
 
 ### Misc Changes
 

diff --git a/src/de/mod.rs b/src/de/mod.rs
@@ -2237,7 +2237,7 @@ where
                 }
                 Some(DeEvent::End(e)) if e.name() == name => {
                     if depth == 0 {
-                        return Ok(());
+                        break;
                     }
                     depth -= 1;
                 }
@@ -2247,9 +2247,29 @@ where
 
                 // If we do not have skipped events, use effective reading that will
                 // not allocate memory for events
-                None => return self.reader.read_to_end(name),
+                None => {
+                    // We should close all opened tags, because we could buffer
+                    // Start events, but not the corresponding End events. So we
+                    // keep reading events until we exit all nested tags.
+                    // `read_to_end()` will return an error if an Eof was encountered
+                    // preliminary (in case of malformed XML).
+                    //
+                    // <tag><tag></tag></tag>
+                    // ^^^^^^^^^^             - buffered in `self.read`, when `self.read_to_end()` is called, depth = 2
+                    //           ^^^^^^       - read by the first call of `self.reader.read_to_end()`
+                    //                 ^^^^^^ - read by the second call of `self.reader.read_to_end()`
+                    loop {
+                        self.reader.read_to_end(name)?;
+                        if depth == 0 {
+                            break;
+                        }
+                        depth -= 1;
+                    }
+                    break;
+                }
             }
         }
+        Ok(())
     }
     #[cfg(not(feature = "overlapped-lists"))]
     fn read_to_end(&mut self, name: QName) -> Result<(), DeError> {