Stack overflow (uncontrolled recursion) - ezxml_ent_ok
Function ezxml_ent_ok() uses recursion, and for a crafted XML file it fails to stop consecutive executions, leading to filling the execution stack and crashing the application.
Crash report from ASAN:
./ezxml_asan.exe crash_012_stack_ezxml_ent_ok.raw
ASAN:DEADLYSIGNAL
=================================================================
==29237==ERROR: AddressSanitizer: stack-overflow on address 0x7fff9aa94f88 (pc 0x0000004361d7 bp 0x7fff9aa957f0 sp 0x7fff9aa94f90 T0)
0 0x4361d6 in __interceptor_strlen.part.45 (ezxml-0.8.6/ezxml_asan.exe+0x4361d6)
1 0x4ed796 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed796)
2 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
3 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
4 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
5 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
...
250 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
251 0x4ed973 in ezxml_ent_ok (ezxml-0.8.6/ezxml_asan.exe+0x4ed973)
SUMMARY: AddressSanitizer: stack-overflow (ezxml-0.8.6/ezxml_asan.exe+0x4361d6) in __interceptor_strlen.part.45
==29237==ABORTING
Reproduction:
Sample XML file leading to crash:
crash_012_stack_ezxml_ent_ok.raw
Code snippet for reproduction:
ezxml_t result = ezxml_parse_file("crash_012_stack_ezxml_ent_ok.raw");
ezxml_free(result);
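A depth-bounded version of the kind of entity-reference check described above, added here as an example; it is not ezxml's own code. The entity table layout (alternating name/value strings, NULL-terminated) and the MAX_ENT_DEPTH value are assumptions. The bound rejects a reference chain that loops through other entities without ever naming the entity being checked, which a self-reference test alone never terminates on.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENT_DEPTH 32   /* bound chosen for this example; not from ezxml */

/* Entity table: alternating name, value pairs, terminated by NULL
 * (assumed layout for this example). */
static const char *lookup_ent(const char *const *ent, const char *ref, size_t len)
{
    for (size_t i = 0; ent[i]; i += 2)
        if (strlen(ent[i]) == len && memcmp(ent[i], ref, len) == 0)
            return ent[i + 1];
    return NULL;
}

/* Returns 1 if expanding `s` never references `name` (directly or via
 * other entities) and the reference chain stays within MAX_ENT_DEPTH.
 * Returns 0 on a circular reference or when the bound is exceeded;
 * the bound is what keeps crafted input from exhausting the stack. */
int ent_ref_ok(const char *name, const char *s, const char *const *ent, int depth)
{
    if (depth > MAX_ENT_DEPTH) return 0;           /* treat as hostile input */
    for (const char *p = s; (p = strchr(p, '&')) != NULL; p++) {
        const char *end = strchr(p + 1, ';');
        if (!end) return 1;                        /* no complete reference left */
        size_t len = (size_t)(end - (p + 1));
        if (strlen(name) == len && memcmp(name, p + 1, len) == 0)
            return 0;                              /* direct or indirect self-reference */
        const char *val = lookup_ent(ent, p + 1, len);
        if (val && !ent_ref_ok(name, val, ent, depth + 1))
            return 0;                              /* problem further down the chain */
    }
    return 1;
}

/* Constructed sample tables: one harmless chain, one cycle that never
 * mentions the entity under test. */
static const char *const SAFE_ENT[]  = {"a", "hello", "b", "&a; world", NULL};
static const char *const CYCLE_ENT[] = {"x", "&y;", "y", "&x;", NULL};

int main(void)
{
    printf("safe chain:    %d\n", ent_ref_ok("b", "&a; world", SAFE_ENT, 0));
    printf("self-ref:      %d\n", ent_ref_ok("a", "x&a;y", SAFE_ENT, 0));
    printf("foreign cycle: %d\n", ent_ref_ok("z", "&x;", CYCLE_ENT, 0));
    return 0;
}
```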
For me, this issue is resolved by the fix for bug 26.
Check my comment there.