From 77cfb8f4cd9679cef27ae9bc38e39ac51235af2d Mon Sep 17 00:00:00 2001
From: Sebastian Pipping <sebastian@pipping.org>
Date: Fri, 14 May 2021 20:26:26 +0200
Subject: [PATCH] tests: Cover accounting of CDATA sections inside of general
 entities

---
 expat/tests/runtests.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index 0e2b49fa..e3944561 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
@@ -11318,6 +11318,16 @@ START_TEST(test_accounting_precision) {
 
       /* CDATA */
       {"<e><![CDATA[one two three]]></e>", NULL, NULL, 0, filled_later},
+      /* The following is the essence of this OSS-Fuzz finding:
+         https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34302
+         https://oss-fuzz.com/testcase-detail/4860575394955264
+      */
+      {"<!DOCTYPE r [\n"
+       "<!ENTITY e \"111<![CDATA[2 <= 2]]>333\">\n"
+       "]>\n"
+       "<r>&e;</r>\n",
+       NULL, NULL, sizeof(XML_Char) * strlen("111<![CDATA[2 <= 2]]>333"),
+       filled_later},
 
       /* Conditional sections */
       {"<!DOCTYPE r [\n"