I have encountered three bugs when parsing documents with an internal DTD. The attached patch contains fixes for all three. The bugs are:
When an entity was declared multiple times, i.e.
<!ENTITY sameName "test1">
<!ENTITY sameName "test2">
the second and following declarations did not cause an entity declaration handler call but multiple calls to the default handler with the character data inside of the declaration. The first two hunks of the patch fix this by removing a few lines.
On an element declaration with a choice of three or more elements, i.e.
<!ELEMENT elm1 (elm2|elm3|elm4)>
each pipe character (starting at the second one) caused one default handler call before the element declaration handler call, containing only the pipe character. So the above example caused a default handler call with "|" as its data followed by the expected element declaration handler call. Choices with more elements caused more default handler calls. handleDefault was not properly set to false in this case. Hunk 3 fixes this.
If the xml file had CR or CRLF as line delimiters, then Expat failed to convert them into LF if they occurred before the root xml tag. That is what hunk 4 fixes.