encoding/xml: reject invalid comments

Fixes #11112. Change-Id: I16e7363549a0dec8c61addfa14af0866c1fd7c40 Reviewed-on: https://go-review.googlesource.com/14173 Reviewed-by: Russ Cox <rsc@golang.org>
2024-11-24 04:40:24 -07:00 · 2015-09-02 19:05:22 +02:00 · 2015-09-02 19:05:22 +02:00 · 97c859f8da
commit 97c859f8da
parent 3f6b91b113
2 changed files with 27 additions and 1 deletions
--- a/src/encoding/xml/read_test.go
+++ b/src/encoding/xml/read_test.go
@ -712,3 +712,24 @@ func TestUnmarshalIntoInterface(t *testing.T) {
 		t.Errorf("failed to unmarshal into interface, have %q want %q", have, want)
 	}
 }
+
+type X struct {
+	D string `xml:",comment"`
+}
+
+// Issue 11112. Unmarshal must reject invalid comments.
+func TestMalformedComment(t *testing.T) {
+	testData := []string{
+		"<X><!-- a---></X>",
+		"<X><!-- -- --></X>",
+		"<X><!-- a--b --></X>",
+		"<X><!------></X>",
+	}
+	for i, test := range testData {
+		data := []byte(test)
+		v := new(X)
+		if err := Unmarshal(data, v); err == nil {
+			t.Errorf("%d: unmarshal should reject invalid comments", i)
+		}
+	}
+}
--- a/src/encoding/xml/xml.go
+++ b/src/encoding/xml/xml.go
@ -624,7 +624,12 @@ func (d *Decoder) rawToken() (Token, error) {
 					return nil, d.err
 				}
 				d.buf.WriteByte(b)
-				if b0 == '-' && b1 == '-' && b == '>' {
+				if b0 == '-' && b1 == '-' {
+					if b != '>' {
+						d.err = d.syntaxError(
+							`invalid sequence "--" not allowed in comments`)
+						return nil, d.err
+					}
 					break
 				}
 				b0, b1 = b1, b