#57 Uncaught IllegalArgumentException due to malformed unicode entity

belingueres · belingueres · commit 7565c56c3ba5 · 2019-01-25T19:42:07.000-03:00
ref - Added a more readable error message by means of a XmlPullParserException. - Improved validation of the numeric character reference, according to XML 1.0 spec. (https://www.w3.org/TR/REC-xml/#NT-Char)
diff --git a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
@@ -2664,7 +2664,8 @@ protected char[] parseEntityRef()
         entityRefName = null;
         posStart = pos;
         char ch = more();
-        StringBuilder sb = new StringBuilder();
+        StringBuilder sb16 = new StringBuilder();
+        StringBuilder sb10 = new StringBuilder();
         if ( ch == '#' )
         {
             // parse character reference
@@ -2679,17 +2680,17 @@ protected char[] parseEntityRef()
                     if ( ch >= '0' && ch <= '9' )
                     {
                         charRef = (char) ( charRef * 16 + ( ch - '0' ) );
-                        sb.append( ch );
+                        sb16.append( ch );
                     }
                     else if ( ch >= 'a' && ch <= 'f' )
                     {
                         charRef = (char) ( charRef * 16 + ( ch - ( 'a' - 10 ) ) );
-                        sb.append( ch );
+                        sb16.append( ch );
                     }
                     else if ( ch >= 'A' && ch <= 'F' )
                     {
                         charRef = (char) ( charRef * 16 + ( ch - ( 'A' - 10 ) ) );
-                        sb.append( ch );
+                        sb16.append( ch );
                     }
                     else if ( ch == ';' )
                     {
@@ -2710,6 +2711,7 @@ else if ( ch >= 'A' && ch <= 'F' )
                     if ( ch >= '0' && ch <= '9' )
                     {
                         charRef = (char) ( charRef * 10 + ( ch - '0' ) );
+                        sb10.append( ch );
                     }
                     else if ( ch == ';' )
                     {
@@ -2724,16 +2726,35 @@ else if ( ch >= 'A' && ch <= 'F' )
                 }
             }
             posEnd = pos - 1;
-            if ( sb.length() > 0 )
+            if ( sb16.length() > 0 )
             {
-                char[] tmp = toChars( Integer.parseInt( sb.toString(), 16 ) );
-                charRefOneCharBuf = tmp;
+                try
+                {
+                    charRefOneCharBuf = toChars( Integer.parseInt( sb16.toString(), 16 ) );
+                }
+                catch ( IllegalArgumentException e )
+                {
+                    throw new XmlPullParserException( "character reference (with hex value " + sb16.toString()
+                        + ") is invalid", this, null );
+                }
+
                 if ( tokenize )
                 {
                     text = newString( charRefOneCharBuf, 0, charRefOneCharBuf.length );
                 }
                 return charRefOneCharBuf;
             }
+
+            try
+            {
+                toChars( Integer.parseInt( sb10.toString(), 10 ) );
+            }
+            catch ( IllegalArgumentException e )
+            {
+                throw new XmlPullParserException( "character reference (with decimal value " + sb10.toString()
+                    + ") is invalid", this, null );
+            }
+
             charRefOneCharBuf[0] = charRef;
             if ( tokenize )
             {
@@ -3996,15 +4017,21 @@ private static boolean isHighSurrogate( char ch )
         return ( MIN_HIGH_SURROGATE <= ch && MAX_HIGH_SURROGATE >= ch );
     }
 
-    private static final int MIN_CODE_POINT = 0x000000;
-
     private static final int MAX_CODE_POINT = 0x10FFFF;
 
     private static final int MIN_SUPPLEMENTARY_CODE_POINT = 0x10000;
 
+    /**
+     * Check if the provided parameter is a valid Char, according to: {@link https://www.w3.org/TR/REC-xml/#NT-Char}
+     * 
+     * @param codePoint the numeric value to check
+     * @return true if it is a valid numeric character reference. False otherwise.
+     */
     private static boolean isValidCodePoint( int codePoint )
     {
-        return ( MIN_CODE_POINT <= codePoint && MAX_CODE_POINT >= codePoint );
+        // Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
+        return codePoint == 0x9 || codePoint == 0xA || codePoint == 0xD || ( 0x20 <= codePoint && codePoint <= 0xD7FF )
+            || ( 0xE000 <= codePoint && codePoint <= 0xFFFD ) || ( 0x10000 <= codePoint && codePoint <= 0X10FFFF );
     }
 
     private static boolean isSupplementaryCodePoint( int codePoint )
diff --git a/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java b/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
@@ -17,6 +17,8 @@
  */
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.IOException;
 import java.io.StringReader;
@@ -156,6 +158,46 @@ public void testUnicodeEntities()
         assertEquals( XmlPullParser.END_TAG, parser.nextToken() );
     }
 
+    @Test
+    public void testInvalidCharacterReferenceHexa()
+        throws Exception
+    {
+        MXParser parser = new MXParser();
+        String input = "<root>&#x110000;</root>";
+        parser.setInput( new StringReader( input ) );
+
+        try
+        {
+            assertEquals( XmlPullParser.START_TAG, parser.nextToken() );
+            assertEquals( XmlPullParser.ENTITY_REF, parser.nextToken() );
+            fail( "Should fail since &#x110000; is an illegal character reference" );
+        }
+        catch ( XmlPullParserException e )
+        {
+            assertTrue( e.getMessage().contains( "character reference (with hex value 110000) is invalid" ) );
+        }
+    }
+
+    @Test
+    public void testInvalidCharacterReferenceDecimal()
+        throws Exception
+    {
+        MXParser parser = new MXParser();
+        String input = "<root>&#1114112;</root>";
+        parser.setInput( new StringReader( input ) );
+
+        try
+        {
+            assertEquals( XmlPullParser.START_TAG, parser.nextToken() );
+            assertEquals( XmlPullParser.ENTITY_REF, parser.nextToken() );
+            fail( "Should fail since &#1114112; is an illegal character reference" );
+        }
+        catch ( XmlPullParserException e )
+        {
+            assertTrue( e.getMessage().contains( "character reference (with decimal value 1114112) is invalid" ) );
+        }
+    }
+
     @Test
     public void testProcessingInstruction()
         throws Exception

Original file line number	Diff line number	Diff line change
`@@ -2664,7 +2664,8 @@ protected char[] parseEntityRef()`
`2664`	`2664`	`entityRefName = null;`
`2665`	`2665`	`posStart = pos;`
`2666`	`2666`	`char ch = more();`
`2667`		`- StringBuilder sb = new StringBuilder();`
	`2667`	`+ StringBuilder sb16 = new StringBuilder();`
	`2668`	`+ StringBuilder sb10 = new StringBuilder();`
`2668`	`2669`	`if ( ch == '#' )`
`2669`	`2670`	`{`
`2670`	`2671`	`// parse character reference`
`@@ -2679,17 +2680,17 @@ protected char[] parseEntityRef()`
`2679`	`2680`	`if ( ch >= '0' && ch <= '9' )`
`2680`	`2681`	`{`
`2681`	`2682`	`charRef = (char) ( charRef * 16 + ( ch - '0' ) );`
`2682`		`- sb.append( ch );`
	`2683`	`+ sb16.append( ch );`
`2683`	`2684`	`}`
`2684`	`2685`	`else if ( ch >= 'a' && ch <= 'f' )`
`2685`	`2686`	`{`
`2686`	`2687`	`charRef = (char) ( charRef * 16 + ( ch - ( 'a' - 10 ) ) );`
`2687`		`- sb.append( ch );`
	`2688`	`+ sb16.append( ch );`
`2688`	`2689`	`}`
`2689`	`2690`	`else if ( ch >= 'A' && ch <= 'F' )`
`2690`	`2691`	`{`
`2691`	`2692`	`charRef = (char) ( charRef * 16 + ( ch - ( 'A' - 10 ) ) );`
`2692`		`- sb.append( ch );`
	`2693`	`+ sb16.append( ch );`
`2693`	`2694`	`}`
`2694`	`2695`	`else if ( ch == ';' )`
`2695`	`2696`	`{`
`@@ -2710,6 +2711,7 @@ else if ( ch >= 'A' && ch <= 'F' )`
`2710`	`2711`	`if ( ch >= '0' && ch <= '9' )`
`2711`	`2712`	`{`
`2712`	`2713`	`charRef = (char) ( charRef * 10 + ( ch - '0' ) );`
	`2714`	`+ sb10.append( ch );`
`2713`	`2715`	`}`
`2714`	`2716`	`else if ( ch == ';' )`
`2715`	`2717`	`{`
`@@ -2724,16 +2726,35 @@ else if ( ch >= 'A' && ch <= 'F' )`
`2724`	`2726`	`}`
`2725`	`2727`	`}`
`2726`	`2728`	`posEnd = pos - 1;`
`2727`		`- if ( sb.length() > 0 )`
	`2729`	`+ if ( sb16.length() > 0 )`
`2728`	`2730`	`{`
`2729`		`- char[] tmp = toChars( Integer.parseInt( sb.toString(), 16 ) );`
`2730`		`- charRefOneCharBuf = tmp;`
	`2731`	`+ try`
	`2732`	`+ {`
	`2733`	`+ charRefOneCharBuf = toChars( Integer.parseInt( sb16.toString(), 16 ) );`
	`2734`	`+ }`
	`2735`	`+ catch ( IllegalArgumentException e )`
	`2736`	`+ {`
	`2737`	`+ throw new XmlPullParserException( "character reference (with hex value " + sb16.toString()`
	`2738`	`+ + ") is invalid", this, null );`
	`2739`	`+ }`
	`2740`	`+`
`2731`	`2741`	`if ( tokenize )`
`2732`	`2742`	`{`
`2733`	`2743`	`text = newString( charRefOneCharBuf, 0, charRefOneCharBuf.length );`
`2734`	`2744`	`}`
`2735`	`2745`	`return charRefOneCharBuf;`
`2736`	`2746`	`}`
	`2747`	`+`
	`2748`	`+ try`
	`2749`	`+ {`
	`2750`	`+ toChars( Integer.parseInt( sb10.toString(), 10 ) );`
	`2751`	`+ }`
	`2752`	`+ catch ( IllegalArgumentException e )`
	`2753`	`+ {`
	`2754`	`+ throw new XmlPullParserException( "character reference (with decimal value " + sb10.toString()`
	`2755`	`+ + ") is invalid", this, null );`
	`2756`	`+ }`
	`2757`	`+`
`2737`	`2758`	`charRefOneCharBuf[0] = charRef;`
`2738`	`2759`	`if ( tokenize )`
`2739`	`2760`	`{`
`@@ -3996,15 +4017,21 @@ private static boolean isHighSurrogate( char ch )`
`3996`	`4017`	`return ( MIN_HIGH_SURROGATE <= ch && MAX_HIGH_SURROGATE >= ch );`
`3997`	`4018`	`}`
`3998`	`4019`
`3999`		`- private static final int MIN_CODE_POINT = 0x000000;`
`4000`		`-`
`4001`	`4020`	`private static final int MAX_CODE_POINT = 0x10FFFF;`
`4002`	`4021`
`4003`	`4022`	`private static final int MIN_SUPPLEMENTARY_CODE_POINT = 0x10000;`
`4004`	`4023`
	`4024`	`+ /**`
	`4025`	`+ * Check if the provided parameter is a valid Char, according to: {@link https://www.w3.org/TR/REC-xml/#NT-Char}`
	`4026`	`+ *`
	`4027`	`+ * @param codePoint the numeric value to check`
	`4028`	`+ * @return true if it is a valid numeric character reference. False otherwise.`
	`4029`	`+ */`
`4005`	`4030`	`private static boolean isValidCodePoint( int codePoint )`
`4006`	`4031`	`{`
`4007`		`- return ( MIN_CODE_POINT <= codePoint && MAX_CODE_POINT >= codePoint );`
	`4032`	`+ // Char ::= #x9 \| #xA \| #xD \| [#x20-#xD7FF] \| [#xE000-#xFFFD] \| [#x10000-#x10FFFF]`
	`4033`	`+ return codePoint == 0x9 \|\| codePoint == 0xA \|\| codePoint == 0xD \|\| ( 0x20 <= codePoint && codePoint <= 0xD7FF )`
	`4034`	`+ \|\| ( 0xE000 <= codePoint && codePoint <= 0xFFFD ) \|\| ( 0x10000 <= codePoint && codePoint <= 0X10FFFF );`
`4008`	`4035`	`}`
`4009`	`4036`
`4010`	`4037`	`private static boolean isSupplementaryCodePoint( int codePoint )`