prevent infinite loop on unterminated entity declaration at end of stream

goetas · goetas · commit 21eeaf0a6044 · 2020-02-06T12:28:31.000+01:00
diff --git a/src/HTML5/Parser/Tokenizer.php b/src/HTML5/Parser/Tokenizer.php
@@ -1111,6 +1111,13 @@ protected function decodeCharacterReference($inAttribute = false)
         if ('#' === $tok) {
             $tok = $this->scanner->next();
 
+            if (false === $tok) {
+                $this->parseError('Expected &#DEC; &#HEX;, got EOF');
+                $this->scanner->unconsume(1);
+
+                return '&';
+            }
+
             // Hexidecimal encoding.
             // X[0-9a-fA-F]+;
             // x[0-9a-fA-F]+;
diff --git a/test/HTML5/Parser/DOMTreeBuilderTest.php b/test/HTML5/Parser/DOMTreeBuilderTest.php
@@ -133,6 +133,14 @@ public function testBareAmpersandNotAllowedInBody()
         </html>', $doc->saveXML());
     }
 
+    public function testEntityAtEndOfFile()
+    {
+        $fragment = $this->parseFragment('&#');
+        $this->assertInstanceOf('DOMDocumentFragment', $fragment);
+        $this->assertSame('&#', $fragment->textContent);
+        $this->assertEquals('Line 1, Col 2: Expected &#DEC; &#HEX;, got EOF', $this->errors[0]);
+    }
+
     public function testStrangeCapitalization()
     {
         $html = '<!doctype html>

Original file line number	Diff line number	Diff line change
`@@ -133,6 +133,14 @@ public function testBareAmpersandNotAllowedInBody()`
`133`	`133`	`</html>', $doc->saveXML());`
`134`	`134`	`}`
`135`	`135`
	`136`	`+ public function testEntityAtEndOfFile()`
	`137`	`+ {`
	`138`	`+ $fragment = $this->parseFragment('&#');`
	`139`	`+ $this->assertInstanceOf('DOMDocumentFragment', $fragment);`
	`140`	`+ $this->assertSame('&#', $fragment->textContent);`
	`141`	`+ $this->assertEquals('Line 1, Col 2: Expected &#DEC; &#HEX;, got EOF', $this->errors[0]);`
	`142`	`+ }`
	`143`	`+`
`136`	`144`	`public function testStrangeCapitalization()`
`137`	`145`	`{`
`138`	`146`	`$html = '<!doctype html>`