merge revision(s) r48161:

* lib/rexml/entity.rb: keep the entity size within the limitation. reported by Willis Vandevanter <will@silentrobots.com> and patched by nahi. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@48163 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-10-27 11:23:17 +0000
committer: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-10-27 11:23:17 +0000
commit: d86ba46a65734423c05cb399c61f096db4f82712 (patch)
tree: 8269cb0ca105be1a161ee5ed96a2ab1859cf1dd5 /test/rexml/test_entity.rb
parent: eca3835c65f6e63b92dd5387257322323ab43563 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/test/rexml/test_entity.rb b/test/rexml/test_entity.rb
index 7b9f39495f..ddb6f4565d 100644
--- a/test/rexml/test_entity.rb
+++ b/test/rexml/test_entity.rb
@@ -122,6 +122,22 @@ class EntityTester < Test::Unit::TestCase
     end
   end
 
+  def test_entity_string_limit_for_parameter_entity
+    template = '<!DOCTYPE bomb [ <!ENTITY % a "^" > <!ENTITY bomb "$" > ]><root/>'
+    len      = 5120 # 5k per entity
+    template.sub!(/\^/, "B" * len)
+
+    # 10k is OK
+    entities = '%a;' * 2 # 5k entity * 2 = 10k
+    REXML::Document.new(template.sub(/\$/, entities))
+
+    # above 10k explodes
+    entities = '%a;' * 3 # 5k entity * 2 = 15k
+    assert_raises(REXML::ParseException) do
+      REXML::Document.new(template.sub(/\$/, entities))
+    end
+  end
+
   def test_raw
     source = '<!DOCTYPE foo [
 <!ENTITY ent "replace">
author	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-10-27 11:23:17 +0000
committer	nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-10-27 11:23:17 +0000
commit	d86ba46a65734423c05cb399c61f096db4f82712 (patch)
tree	8269cb0ca105be1a161ee5ed96a2ab1859cf1dd5 /test/rexml/test_entity.rb
parent	eca3835c65f6e63b92dd5387257322323ab43563 (diff)