From 341a72f5603e30d75bee823057098b3d01cdf196 Mon Sep 17 00:00:00 2001
From: Richard Mealing <mealingr@gmail.com>
Date: Mon, 25 Nov 2019 16:48:59 +0000
Subject: [PATCH 1/3] Add fix for overflow error in MXParser buffer sizing

---
 .../codehaus/plexus/util/xml/pull/MXParser.java |  3 ++-
 .../plexus/util/xml/pull/MXParserTest.java      | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
index 38a9ba1a..c14e7a45 100644
--- a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
+++ b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
@@ -3656,7 +3656,8 @@ else if ( expand )
                 buf = newBuf;
                 if ( bufLoadFactor > 0 )
                 {
-                    bufSoftLimit = ( bufLoadFactor * buf.length ) / 100;
+                    // Include fix for https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
+                    bufSoftLimit = (int) ((((long) bufLoadFactor) * buf.length) / 100);
                 }
 
             }
diff --git a/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java b/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
index 79fb64b1..c6f4e803 100644
--- a/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
+++ b/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
@@ -391,6 +391,23 @@ public void testSubsequentProcessingInstructionMoreThan8k()
         assertEquals( XmlPullParser.END_TAG, parser.nextToken() );
     }
 
+    @Test
+    public void testFillBuf_NoOverflow()
+        throws Exception
+    {
+        MXParser parser = new MXParser();
+        parser.reader = new StringReader("testFillBuf_NoOverflow");
+        parser.bufEnd = 15941364;
+        parser.buf = new char[16777216];
+
+        parser.fillBuf();
+
+        // Without this fix
+        // https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
+        // the integer value overflows to -11072962
+        assertTrue(parser.bufSoftLimit >= 0);
+    }
+
     public void testMalformedProcessingInstructionAfterTag()
         throws Exception
     {

From 6c55f731aa792973a60a82eb114658428892c26c Mon Sep 17 00:00:00 2001
From: Richard Mealing <mealingr@gmail.com>
Date: Wed, 27 Nov 2019 10:18:29 +0000
Subject: [PATCH 2/3] simplify the fix

---
 .../java/org/codehaus/plexus/util/xml/pull/MXParser.java    | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
index c14e7a45..9aa995ea 100644
--- a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
+++ b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
@@ -401,9 +401,11 @@ protected void ensureEntityCapacity()
     protected int bufLoadFactor = 95; // 99%
     // protected int bufHardLimit; // only matters when expanding
 
+    protected float bufferLoadFactor = bufLoadFactor / 100f;
+
     protected char buf[] = new char[Runtime.getRuntime().freeMemory() > 1000000L ? READ_CHUNK_SIZE : 256];
 
-    protected int bufSoftLimit = ( bufLoadFactor * buf.length ) / 100; // desirable size of buffer
+    protected int bufSoftLimit = (int) (bufferLoadFactor * buf.length); // desirable size of buffer
 
     protected boolean preventBufferCompaction;
 
@@ -3657,7 +3659,7 @@ else if ( expand )
                 if ( bufLoadFactor > 0 )
                 {
                     // Include fix for https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
-                    bufSoftLimit = (int) ((((long) bufLoadFactor) * buf.length) / 100);
+                    bufSoftLimit = (int) (bufferLoadFactor * buf.length);
                 }
 
             }

From a3f9276f4c2ce087d7d34fefadc9142c6eb32601 Mon Sep 17 00:00:00 2001
From: Richard Mealing <mealingr@gmail.com>
Date: Thu, 28 Nov 2019 10:46:22 +0000
Subject: [PATCH 3/3] call public api for test

---
 .../plexus/util/xml/pull/MXParser.java        |  2 +-
 .../plexus/util/xml/pull/MXParserTest.java    | 25 +++++++++++--------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
index 9aa995ea..fc1e4c9d 100644
--- a/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
+++ b/src/main/java/org/codehaus/plexus/util/xml/pull/MXParser.java
@@ -3658,7 +3658,7 @@ else if ( expand )
                 buf = newBuf;
                 if ( bufLoadFactor > 0 )
                 {
-                    // Include fix for https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
+                    // Include a fix for https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
                     bufSoftLimit = (int) (bufferLoadFactor * buf.length);
                 }
 
diff --git a/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java b/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
index c6f4e803..6ab89978 100644
--- a/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
+++ b/src/test/java/org/codehaus/plexus/util/xml/pull/MXParserTest.java
@@ -392,20 +392,25 @@ public void testSubsequentProcessingInstructionMoreThan8k()
     }
 
     @Test
-    public void testFillBuf_NoOverflow()
+    public void testLargeText_NoOverflow()
         throws Exception
     {
-        MXParser parser = new MXParser();
-        parser.reader = new StringReader("testFillBuf_NoOverflow");
-        parser.bufEnd = 15941364;
-        parser.buf = new char[16777216];
+        StringBuffer sb = new StringBuffer();
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
+        sb.append("<largetextblock>");
+        // Anything above 33,554,431 would fail without a fix for
+        // https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
+        // with java.io.IOException: error reading input, returned 0
+        sb.append(new String(new char[33554432]));
+        sb.append("</largetextblock>");
 
-        parser.fillBuf();
+        MXParser parser = new MXParser();
+        parser.setInput(new StringReader(sb.toString()));
 
-        // Without this fix
-        // https://web.archive.org/web/20070831191548/http://www.extreme.indiana.edu/bugzilla/show_bug.cgi?id=228
-        // the integer value overflows to -11072962
-        assertTrue(parser.bufSoftLimit >= 0);
+        assertEquals(XmlPullParser.PROCESSING_INSTRUCTION, parser.nextToken());
+        assertEquals(XmlPullParser.START_TAG, parser.nextToken());
+        assertEquals(XmlPullParser.TEXT, parser.nextToken());
+        assertEquals(XmlPullParser.END_TAG, parser.nextToken());
     }
 
     public void testMalformedProcessingInstructionAfterTag()