From: Jeff Smith <whydoubt@gmail.com>
Subject: [PATCH v3 2/3] xmllite: Whitespace node not returned when followed by invalid character.
Message-Id: <20191205195326.928106-2-whydoubt@gmail.com>
Date: Thu,  5 Dec 2019 13:53:25 -0600
In-Reply-To: <20191205195326.928106-1-whydoubt@gmail.com>
References: <20191205195326.928106-1-whydoubt@gmail.com>

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
---
 dlls/xmllite/reader.c       | 12 ++++++++++--
 dlls/xmllite/tests/reader.c |  2 --
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/dlls/xmllite/reader.c b/dlls/xmllite/reader.c
index eddc4d8eec..79e5c2253a 100644
--- a/dlls/xmllite/reader.c
+++ b/dlls/xmllite/reader.c
@@ -1113,8 +1113,8 @@ static inline UINT reader_get_cur(xmlreader *reader)
 static inline WCHAR *reader_get_ptr(xmlreader *reader)
 {
     encoded_buffer *buffer = &reader->input->buffer->utf16;
-    WCHAR *ptr = (WCHAR*)buffer->data + buffer->cur;
-    if (!*ptr) reader_more(reader);
+    if (buffer->cur*sizeof(WCHAR) >= buffer->written)
+        reader_more(reader);
     return (WCHAR*)buffer->data + buffer->cur;
 }
 
@@ -1714,8 +1714,16 @@ static HRESULT reader_parse_whitespace(xmlreader *reader)
     {
         strval value;
         UINT start;
+        const encoded_buffer *buffer = &reader->input->buffer->utf16;
 
         reader_skipspaces(reader);
+
+        /* Do NOT return Whitespace node if followed by a character other than '<'.
+         * The reader_skipspaces call should have already read in the character. */
+        if (buffer->cur*sizeof(WCHAR) < buffer->written &&
+                *reader_get_ptr2(reader, buffer->cur) != '<')
+            return WC_E_SYNTAX;
+
         if (is_reader_pending(reader)) return S_OK;
 
         start = reader->resume[XmlReadResume_Body];
diff --git a/dlls/xmllite/tests/reader.c b/dlls/xmllite/tests/reader.c
index 88b9103e1e..b02301907d 100644
--- a/dlls/xmllite/tests/reader.c
+++ b/dlls/xmllite/tests/reader.c
@@ -1064,10 +1064,8 @@ todo_wine
 
     type = -1;
     hr = IXmlReader_Read(reader, &type);
-todo_wine {
     ok(hr == WC_E_SYNTAX || broken(hr == WC_E_XMLCHARACTER), "expected WC_E_SYNTAX, got 0x%08x\n", hr);
     ok(type == XmlNodeType_None, "expected XmlNodeType_None, got %s\n", type_to_str(type));
-}
 
     stream = create_stream_on_data(xml_comment, sizeof(xml_comment));
     hr = IXmlReader_SetInput(reader, (IUnknown *)stream);

-- 
2.23.0