From 88455b42a0ecaba7f21da8bc23f3616912f386e1 Mon Sep 17 00:00:00 2001
From: Mingun
Date: Fri, 16 Dec 2022 01:31:58 +0500
Subject: [PATCH] Fix an error in the `Deserializer::read_to_end` when feature "overlapped-lists" is enabled
---
 Changelog.md | 2 ++
 src/de/mod.rs | 24 ++++++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/Changelog.md b/Changelog.md
index f9b5ce2d..a906c05a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -16,6 +16,8 @@
 - [#530]: Fix an infinite loop leading to unbounded memory consumption that occurs when skipping events on malformed XML with the `overlapped-lists` feature active.
+- [#530]: Fix an error in the `Deserializer::read_to_end` when `overlapped-lists`
+ feature is active and malformed XML is parsed
 ### Misc Changes
diff --git a/src/de/mod.rs b/src/de/mod.rs
index 26bbab16..32f438d3 100644
--- a/src/de/mod.rs
+++ b/src/de/mod.rs
@@ -2237,7 +2237,7 @@ where
 }
 Some(DeEvent::End(e)) if e.name() == name => {
 if depth == 0 {
- return Ok(());
+ break;
 }
 depth -= 1;
 }
@@ -2247,9 +2247,29 @@ where
 // If we do not have skipped events, use effective reading that will
 // not allocate memory for events
- None => return self.reader.read_to_end(name),
+ None => {
+ // We should close all opened tags, because we could buffer
+ // Start events, but not the corresponding End events. So we
+ // keep reading events until we exit all nested tags.
+ // `read_to_end()` will return an error if an Eof was encountered
+ // preliminary (in case of malformed XML).
+ //
+ //
+ // ^^^^^^^^^^ - buffered in `self.read`, when `self.read_to_end()` is called, depth = 2
+ // ^^^^^^ - read by the first call of `self.reader.read_to_end()`
+ // ^^^^^^ - read by the second call of `self.reader.read_to_end()`
+ loop {
+ self.reader.read_to_end(name)?;
+ if depth == 0 {
+ break;
+ }
+ depth -= 1;
+ }
+ break;
+ }
 }
 }
+ Ok(())
 }
 #[cfg(not(feature = "overlapped-lists"))]
 fn read_to_end(&mut self, name: QName) -> Result<(), DeError> {
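Review bot: The comment added in the `None` arm gives the diagram state as `depth = 2`, but the inner loop calls `self.reader.read_to_end(name)` `depth + 1` times and the diagram labels only a first and a second call, so the local counter would be 1 at that point. Say which depth is meant, for example `// local depth == 1 here; the XML nesting level is 2`, and change "preliminary" to "prematurely" in the same comment. This arm only runs when buffered Start events are paired with End events still unread in the reader, and its error case is malformed input, so a regression test for the nested same-name case and another for the early-Eof case would pin the behaviour; the diffstat lists only `Changelog.md` and `src/de/mod.rs`. The start of the function and the declaration of `depth` are outside the hunk, so the counter's initial value is inferred.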