fix(threat) line was taken as position (#21)

lunarmodules · Mar 31, 2022 · 2025cd4 · 2025cd4
1 parent b3f2702
commit 2025cd4
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 4 deletions.
diff --git a/docs/index.html b/docs/index.html
@@ -90,6 +90,13 @@ <h2><a name="download"></a>Download</h2>
 <h2><a name="history"></a>History</h2>
 
 <dl class="history">
+	<dt><strong>Version x.y.z</strong> [unreleased]</dt>
+	<dd>
+		<ul>
+			<li>Fix bad buffer size calculation in threat parser</li>
+		</ul>
+	</dd>
+
 	<dt><strong>Version 1.4.0</strong> [22/Mar/2022]</dt>
 	<dd>
 		<ul>

diff --git a/spec/02-threat_spec.lua b/spec/02-threat_spec.lua
@@ -1523,15 +1523,19 @@ describe("threats", function()
 
 	describe("buffer size", function()
 
-		local old_doc
+		local old_doc, old_mchild
 
 		setup(function()
 			old_doc = threat.document
+			old_mchild = threat.maxChildren
 			threat.document = nil  -- disable document checks with these tests
+			threat.maxChildren = nil -- and max children checks
 		end)
 
 		teardown(function()
-			threat.document = old_doc -- reenable old setting
+			-- reenable old setting
+			threat.document = old_doc
+			threat.maxChildren = old_mchild
 		end)
 
 
@@ -1557,6 +1561,24 @@ describe("threats", function()
 			assert.falsy(r)
 		end)
 
+
+		it("passes with complexer xml", function()
+			local child = "<child>hello</child>" -- child within constraints
+			local doc = "<root>"..child:rep(100).."</root>"
+			local i = 0
+			local r, err
+			local chunk_size = 10 -- parse in chunks of 10 bytes
+			repeat
+				i = i + 1
+				local s = (i-1) * chunk_size + 1
+				local e = s + chunk_size - 1
+				r, err = p:parse(doc:sub(s, e))
+			until (not r) or (s > #doc)
+
+			assert.is_nil(err)
+			assert.truthy(r)
+		end)
+
 	end)
 
 end)
diff --git a/src/lxp/threat.lua b/src/lxp/threat.lua
@@ -143,8 +143,11 @@ function threat.new(callbacks, separator, merge_character_data)
 			if threat_error_data then
 				return nil, threat_error_data[1], threat_error_data[2], threat_error_data[3], threat_error_data[4]
 			end
-			if checks.buffer and size - parser:pos() > checks.buffer then
-				return nil, "unparsed buffer too large"
+			if checks.buffer then
+				local _, _, pos = parser:pos()
+				if size - pos > checks.buffer then
+					return nil, "unparsed buffer too large"
+				end
 			end
 			if a == parser then
 				return p,b,c,d,e