From 4e1add1a462980cd6d12eae9adf53986db8df0b8 Mon Sep 17 00:00:00 2001
From: "arseny.kapoulkine@gmail.com"
Date: Wed, 20 Mar 2013 02:44:05 +0000
Subject: Fix invalid assertion in XPath: reallocation can result in allocating buffer of the same size due to pointer-sized alignment
git-svn-id: http://pugixml.googlecode.com/svn/trunk@946 99668b35-9821-0410-8761-19e4c4f06640
---
 src/pugixml.cpp | 2 +-
 tests/test_xpath.cpp | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/pugixml.cpp b/src/pugixml.cpp
index 66493ab..a0b3241 100644
--- a/src/pugixml.cpp
+++ b/src/pugixml.cpp
@@ -5825,7 +5825,7 @@ PUGI__NS_BEGIN
 if (result != ptr && ptr)
 {
 // copy old data
- assert(new_size > old_size);
+ assert(new_size >= old_size);
 memcpy(result, ptr, old_size);
 // free the previous page if it had no other objects
diff --git a/tests/test_xpath.cpp b/tests/test_xpath.cpp
index 526854a..7f74578 100644
--- a/tests/test_xpath.cpp
+++ b/tests/test_xpath.cpp
@@ -420,4 +420,18 @@ TEST_XML(xpath_out_of_memory_evaluate_predicate, "
 #endif
 }
+TEST(xpath_memory_concat_massive)
+{
+ pugi::xml_document doc;
+ pugi::xml_node node = doc.append_child(STR("node"));
+
+ for (int i = 0; i < 5000; ++i)
+ node.append_child(STR("c")).text().set(i % 10);
+
+ pugi::xpath_query q(STR("/"));
+ size_t size = q.evaluate_string(0, 0, node);
+
+ CHECK(size == 5001);
+}
+
 #endif
--
cgit v1.2.3
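Review bot: The relaxed `assert(new_size >= old_size);` is still the only guard visible in this hunk on the length passed to `memcpy(result, ptr, old_size)`, and an assert is compiled out when NDEBUG is defined. In such a build nothing here would stop the copy from overrunning the new block if a smaller size were ever requested. I would record the invariant next to the assert, for example `// sizes are rounded up to pointer alignment, so a growing request can yield new_size == old_size; callers must never shrink`. The enclosing function starts and ends outside the hunk, so whether every caller already guarantees growth cannot be confirmed from here.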
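Review bot: `TEST(xpath_memory_concat_massive)` checks only the returned length with `CHECK(size == 5001);`, so it guards against this regression only in builds where assert() is active. Since the assert is the sole change in src/pugixml.cpp, a test run built with NDEBUG would pass both before and after the fix. A comment above the test would make the intent clear, for example `// regression: reallocation during concat may return an equally sized block after alignment rounding and must not assert`. Evaluating into a real buffer and checking the resulting characters would also cover the copied data, not just its length.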