Fails on empty doctype

The parser was crashing with debug assertions enabled but passing with debug assertions disabled

Closes tafia#608

src/errors.rs

@@ -37,6 +37,8 @@ pub enum Error {
     /// `Event::BytesDecl` must start with *version* attribute. Contains the attribute
     /// that was found or `None` if an xml declaration doesn't contain attributes.
     XmlDeclWithoutVersion(Option<String>),
+    /// Empty `Event::DocType`.
+    EmptyDocType,
     /// Attribute parsing error
     InvalidAttr(AttrError),
     /// Escape error
@@ -109,6 +111,7 @@ impl fmt::Display for Error {
                 "XmlDecl must start with 'version' attribute, found {:?}",
                 e
             ),
+            Error::EmptyDocType => write!(f, "DOCTYPE declaration must not be empty"),
             Error::InvalidAttr(e) => write!(f, "error while parsing attribute: {}", e),
             Error::EscapeError(e) => write!(f, "{}", e),
             Error::UnknownPrefix(prefix) => {

src/reader/parser.rs

@@ -117,7 +117,9 @@ impl Parser {
                     .iter()
                     .position(|b| !is_whitespace(*b))
                     .unwrap_or(len - 8);
-                debug_assert!(start < len - 8, "DocType must have a name");
+                if start + 8 >= len {
+                    return Err(Error::EmptyDocType);
+                }
                 Ok(Event::DocType(BytesText::wrap(
                     &buf[8 + start..],
                     self.decoder(),

tests/fuzzing.rs

@@ -3,6 +3,7 @@
 use quick_xml::events::Event;
 use quick_xml::reader::Reader;
 use std::io::Cursor;
+use quick_xml::Error;
 
 #[test]
 fn fuzz_53() {
@@ -50,3 +51,12 @@ fn fuzz_101() {
         buf.clear();
     }
 }
+
+#[test]
+fn fuzz_empty_doctype() {
+    let data = b"<!doctype>";
+    let mut reader = Reader::from_reader(data.as_slice());
+    let mut buf = Vec::new();
+    assert!(matches!(reader.read_event_into(&mut buf).unwrap_err(), Error::EmptyDocType));
+    assert_eq!(reader.read_event_into(&mut buf).unwrap(), Event::Eof);
+}