ofz#7621 tight OUString concat loop causes libfuzzer oom

it doesn't get a chance to release memory and falls over with
an oom

Change-Id: I20eb91223de3aa00f3e2f4131ad212f1cfde6ff3

1 files changed, 6 insertions, 2 deletions

diff --git a/svtools/source/svhtml/parhtml.cxx b/svtools/source/svhtml/parhtml.cxx
index be3167d30053..d887f4084ab8 100644
--- a/svtools/source/svhtml/parhtml.cxx
+++ b/svtools/source/svhtml/parhtml.cxx
@@ -1218,12 +1218,15 @@ HtmlTokenId HTMLParser::GetNextToken_()
 
                         bool bDone = false;
                         // Read until closing %>. If not found restart at first >.
+                        sal_Unicode nLastTokenChar = !aToken.isEmpty() ? aToken[aToken.getLength() - 1] : 0;
+                        OUStringBuffer aTmpBuffer(aToken);
                         while( !bDone && !rInput.eof() && IsParserWorking() )
                         {
-                            bDone = '>'==nNextCh && aToken.endsWith("%");
+                            bDone = '>'==nNextCh && nLastTokenChar == '%';
                             if( !bDone )
                             {
-                                aToken += OUString(&nNextCh,1);
+                                aTmpBuffer.appendUtf32(nNextCh);
+                                nLastTokenChar = aTmpBuffer[aTmpBuffer.getLength() - 1];
                                 nNextCh = GetNextChar();
                             }
                         }
@@ -1237,6 +1240,7 @@ HtmlTokenId HTMLParser::GetNextToken_()
                             nRet = HtmlTokenId::TEXTTOKEN;
                             break;
                         }
+                        aToken = aTmpBuffer.makeStringAndClear();
                         if( IsParserWorking() )
                         {
                             sSaveToken = aToken;