From 2c2b8cbdfdad3d981bbc9ca6ae08834f99def92d Mon Sep 17 00:00:00 2001
From: "Aaron S. Hawley" <aaron.s.hawley@gmail.com>
Date: Mon, 15 Feb 2016 13:09:00 -0500
Subject: [PATCH 1/2] Unit tests for #35 OOM on malformed input

* src/test/scala/scala/xml/XMLTest.scala (issue35): New test.

* src/test/scala/scala/xml/pull/XMLEventReaderTest.scala
(issue35): New test.
---
 src/test/scala/scala/xml/XMLTest.scala             |  6 ++++++
 .../scala/scala/xml/pull/XMLEventReaderTest.scala  | 14 +++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/test/scala/scala/xml/XMLTest.scala b/src/test/scala/scala/xml/XMLTest.scala
index 57ebf2b68..9ef204903 100644
--- a/src/test/scala/scala/xml/XMLTest.scala
+++ b/src/test/scala/scala/xml/XMLTest.scala
@@ -838,6 +838,12 @@ expected closing tag of foo
     assertEquals("""<x:foo xmlns:x="gaga"/>""", pp.format(x))
   }
 
+  @UnitTest( expected = classOf[scala.xml.SAXParseException] )
+  def issue35: Unit = {
+    val broken = "<broken attribute='is truncated"
+    XML.loadString(broken)
+  }
+
   @UnitTest
   def nodeSeqNs: Unit = {
     val x = {
diff --git a/src/test/scala/scala/xml/pull/XMLEventReaderTest.scala b/src/test/scala/scala/xml/pull/XMLEventReaderTest.scala
index be55938ca..cf5b2504a 100644
--- a/src/test/scala/scala/xml/pull/XMLEventReaderTest.scala
+++ b/src/test/scala/scala/xml/pull/XMLEventReaderTest.scala
@@ -1,4 +1,5 @@
-package scala.xml.pull
+package scala.xml
+package pull
 
 import org.junit.Test
 import org.junit.Ignore
@@ -40,6 +41,17 @@ class XMLEventReaderTest {
     er.stop  // allow thread to be garbage-collected
   }
 
+  @Test
+  def issue35: Unit = {
+    val broken = "<broken attribute='is truncated"
+    val x = new Source {
+      val iter = broken.iterator
+      override def reportError(pos: Int, msg: String, out: java.io.PrintStream = Console.err) {}
+    }
+    val r = new XMLEventReader(x)
+    assertTrue(r.next.isInstanceOf[EvElemStart])
+  }
+
  @Test(expected = classOf[Exception]) 
  def missingTagTest: Unit = {
    val data=

From 578072fa43219d42695a7b1e5720518867cffdc3 Mon Sep 17 00:00:00 2001
From: Som Snytt <som.snytt@gmail.com>
Date: Mon, 22 Dec 2014 23:34:21 -0800
Subject: [PATCH 2/2] Fix #35 OOM on malformed input

* src/main/scala/scala/xml/parsing/MarkupParserCommon.scala
(xAttributeValue): Check for eof in while loop.
---
 src/main/scala/scala/xml/parsing/MarkupParserCommon.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/scala/scala/xml/parsing/MarkupParserCommon.scala b/src/main/scala/scala/xml/parsing/MarkupParserCommon.scala
index 31d81d343..2e0568d12 100644
--- a/src/main/scala/scala/xml/parsing/MarkupParserCommon.scala
+++ b/src/main/scala/scala/xml/parsing/MarkupParserCommon.scala
@@ -63,7 +63,7 @@ private[scala] trait MarkupParserCommon extends TokenTests {
    */
   def xAttributeValue(endCh: Char): String = {
     val buf = new StringBuilder
-    while (ch != endCh) {
+    while (ch != endCh && !eof) {
       // well-formedness constraint
       if (ch == '<') return errorAndResult("'<' not allowed in attrib value", "")
       else if (ch == SU) truncatedError("")