@@ -2534,44 +2534,7 @@ else if ( xmlnsPos == 5 )
25342534 }
25352535 if ( ch == '&' )
25362536 {
2537- // extractEntityRef
2538- posEnd = pos - 1 ;
2539- if ( !usePC )
2540- {
2541- final boolean hadCharData = posEnd > posStart ;
2542- if ( hadCharData )
2543- {
2544- // posEnd is already set correctly!!!
2545- joinPC ();
2546- }
2547- else
2548- {
2549- usePC = true ;
2550- pcStart = pcEnd = 0 ;
2551- }
2552- }
2553- // assert usePC == true;
2554-
2555- final char [] resolvedEntity = parseEntityRef ();
2556- // check if replacement text can be resolved !!!
2557- if ( resolvedEntity == null )
2558- {
2559- if ( entityRefName == null )
2560- {
2561- entityRefName = newString ( buf , posStart , posEnd - posStart );
2562- }
2563- throw new XmlPullParserException ( "could not resolve entity named '" + printable ( entityRefName )
2564- + "'" , this , null );
2565- }
2566- // write into PC replacement text - do merge for replacement text!!!!
2567- for ( char aResolvedEntity : resolvedEntity )
2568- {
2569- if ( pcEnd >= pc .length )
2570- {
2571- ensurePC ( pcEnd );
2572- }
2573- pc [pcEnd ++] = aResolvedEntity ;
2574- }
2537+ extractEntityRef ();
25752538 }
25762539 else if ( ch == '\t' || ch == '\n' || ch == '\r' )
25772540 {
@@ -2759,11 +2722,22 @@ else if ( ch >= 'A' && ch <= 'F' )
27592722 }
27602723 }
27612724 posEnd = pos - 1 ;
2762- try
2725+
2726+ int codePoint = Integer .parseInt ( sb .toString (), isHex ? 16 : 10 );
2727+ boolean isValidCodePoint = isValidCodePoint ( codePoint );
2728+ if ( isValidCodePoint )
27632729 {
2764- charRefOneCharBuf = Character .toChars ( Integer .parseInt ( sb .toString (), isHex ? 16 : 10 ) );
2730+ try
2731+ {
2732+ charRefOneCharBuf = Character .toChars ( codePoint );
2733+ }
2734+ catch ( IllegalArgumentException e )
2735+ {
2736+ isValidCodePoint = false ;
2737+ }
27652738 }
2766- catch ( IllegalArgumentException e )
2739+
2740+ if ( !isValidCodePoint )
27672741 {
27682742 throw new XmlPullParserException ( "character reference (with " + ( isHex ? "hex" : "decimal" )
27692743 + " value " + sb .toString () + ") is invalid" , this , null );
@@ -3440,10 +3414,14 @@ private void parseDocdecl()
34403414 ch = more ();
34413415 if ( ch == '[' )
34423416 ++bracketLevel ;
3443- if ( ch == ']' )
3417+ else if ( ch == ']' )
34443418 --bracketLevel ;
3445- if ( ch == '>' && bracketLevel == 0 )
3419+ else if ( ch == '>' && bracketLevel == 0 )
34463420 break ;
3421+ else if ( ch == '&' )
3422+ {
3423+ extractEntityRef ();
3424+ }
34473425 if ( normalizeIgnorableWS )
34483426 {
34493427 if ( ch == '\r' )
@@ -3496,6 +3474,49 @@ else if ( ch == '\n' )
34963474 posEnd = pos - 1 ;
34973475 }
34983476
3477+ private void extractEntityRef ()
3478+ throws XmlPullParserException , IOException
3479+ {
3480+ // extractEntityRef
3481+ posEnd = pos - 1 ;
3482+ if ( !usePC )
3483+ {
3484+ final boolean hadCharData = posEnd > posStart ;
3485+ if ( hadCharData )
3486+ {
3487+ // posEnd is already set correctly!!!
3488+ joinPC ();
3489+ }
3490+ else
3491+ {
3492+ usePC = true ;
3493+ pcStart = pcEnd = 0 ;
3494+ }
3495+ }
3496+ // assert usePC == true;
3497+
3498+ final char [] resolvedEntity = parseEntityRef ();
3499+ // check if replacement text can be resolved !!!
3500+ if ( resolvedEntity == null )
3501+ {
3502+ if ( entityRefName == null )
3503+ {
3504+ entityRefName = newString ( buf , posStart , posEnd - posStart );
3505+ }
3506+ throw new XmlPullParserException ( "could not resolve entity named '" + printable ( entityRefName )
3507+ + "'" , this , null );
3508+ }
3509+ // write into PC replacement text - do merge for replacement text!!!!
3510+ for ( char aResolvedEntity : resolvedEntity )
3511+ {
3512+ if ( pcEnd >= pc .length )
3513+ {
3514+ ensurePC ( pcEnd );
3515+ }
3516+ pc [pcEnd ++] = aResolvedEntity ;
3517+ }
3518+ }
3519+
34993520 private void parseCDSect ( boolean hadCharData )
35003521 throws XmlPullParserException , IOException
35013522 {
0 commit comments