From a9aaf85cfc3025b7013b5adc4bef2ce32ecc7fb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Berkay=20Eren=20=C3=9Cr=C3=BCn?= <berkay.ueruen@tum.de>
Date: Tue, 23 Sep 2025 12:12:50 +0200
Subject: [PATCH] tests: Add line/column checks to async entity tests

CVE: CVE-2024-8176
Upstream-Status: Backport [https://github.com/libexpat/libexpat/pull/1059]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 tests/misc_tests.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/tests/misc_tests.c b/tests/misc_tests.c
index 19f41df7..7a4d2455 100644
--- a/tests/misc_tests.c
+++ b/tests/misc_tests.c
@@ -644,6 +644,8 @@ START_TEST(test_misc_async_entity_rejected) {
     const char *doc;
     enum XML_Status expectedStatusNoGE;
     enum XML_Error expectedErrorNoGE;
+    XML_Size expectedErrorLine;
+    XML_Size expectedErrorColumn;
   };
   const struct test_case cases[] = {
       // Opened by one entity, closed by another
@@ -652,35 +654,35 @@ START_TEST(test_misc_async_entity_rejected) {
        "   <!ENTITY close '</t1>'>\n"
        "]>\n"
        "<t0>&open;&close;</t0>\n",
-       XML_STATUS_OK, XML_ERROR_NONE},
+       XML_STATUS_OK, XML_ERROR_NONE, 5, 4},
       // Opened by tag, closed by entity (non-root case)
       {"<!DOCTYPE t0 [\n"
        "  <!ENTITY g0 ''>\n"
        "  <!ENTITY g1 '&g0;</t1>'>\n"
        "]>\n"
        "<t0><t1>&g1;</t0>\n",
-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
+       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 8},
       // Opened by tag, closed by entity (root case)
       {"<!DOCTYPE t0 [\n"
        "  <!ENTITY g0 ''>\n"
        "  <!ENTITY g1 '&g0;</t0>'>\n"
        "]>\n"
        "<t0>&g1;\n",
-       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS},
+       XML_STATUS_ERROR, XML_ERROR_NO_ELEMENTS, 5, 4},
       // Opened by entity, closed by tag <-- regression from 2.7.0
       {"<!DOCTYPE t0 [\n"
        "  <!ENTITY g0 ''>\n"
        "  <!ENTITY g1 '<t1>&g0;'>\n"
        "]>\n"
        "<t0>&g1;</t1></t0>\n",
-       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH},
+       XML_STATUS_ERROR, XML_ERROR_TAG_MISMATCH, 5, 4},
       // Opened by tag, closed by entity; then the other way around
       {"<!DOCTYPE t0 [\n"
        "  <!ENTITY open '<t1>'>\n"
        "  <!ENTITY close '</t1>'>\n"
        "]>\n"
        "<t0><t1>&close;&open;</t1></t0>\n",
-       XML_STATUS_OK, XML_ERROR_NONE},
+       XML_STATUS_OK, XML_ERROR_NONE, 5, 8},
   };
 
   for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
@@ -701,6 +703,11 @@ START_TEST(test_misc_async_entity_rejected) {
                                         /*isFinal=*/XML_TRUE)
                 == expectedStatus);
     assert_true(XML_GetErrorCode(parser) == expectedError);
+#if XML_GE == 1
+    assert_true(XML_GetCurrentLineNumber(parser) == testCase.expectedErrorLine);
+    assert_true(XML_GetCurrentColumnNumber(parser)
+                == testCase.expectedErrorColumn);
+#endif
     XML_ParserFree(parser);
   }
 }