malloc-fail: Fix buffer overread with HTML doctype declarations

Found by OSS-Fuzz, see #344.
2025-10-24 13:33:01 +03:00 · 2023-03-26 22:40:54 +02:00
parent a6b9e55a9e
commit 1061537efd
1 changed files with 2 additions and 2 deletions
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3010,9 +3010,9 @@ htmlParseSystemLiteral(htmlParserCtxtPtr ctxt) {
        htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
                     "Unfinished SystemLiteral\n", NULL, NULL);
    } else {
-        NEXT;
        if (err == 0)
            ret = xmlStrndup((BASE_PTR+startPosition), len);
+        NEXT;
    }

    return(ret);
@@ -3065,9 +3065,9 @@ htmlParsePubidLiteral(htmlParserCtxtPtr ctxt) {
        htmlParseErr(ctxt, XML_ERR_LITERAL_NOT_FINISHED,
                     "Unfinished PubidLiteral\n", NULL, NULL);
    } else {
-        NEXT;
        if (err == 0)
            ret = xmlStrndup((BASE_PTR + startPosition), len);
+        NEXT;
    }

    return(ret);