From 8a0c66986e68c1c23fc3bb421b73465937c803b2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Tue, 4 Jul 2017 17:13:06 +0200
Subject: [PATCH] Fix NULL pointer deref in xmlFAParseCharClassEsc

Found with libFuzzer.
---
 xmlregexp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xmlregexp.c b/xmlregexp.c
index 7dc6eeaf..019399fd 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -4881,7 +4881,8 @@ xmlFAParseCharClassEsc(xmlRegParserCtxtPtr ctxt) {
 }
 NEXT;
 xmlFAParseCharProp(ctxt);
- ctxt->atom->neg = 1;
+ if (ctxt->atom != NULL)
+ ctxt->atom->neg = 1;
 if (CUR != '}') {
 ERROR("Expecting '}'");
 return;
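Review bot: The guard before `ctxt->atom->neg = 1;` has no comment saying when `ctxt->atom` can be NULL after `xmlFAParseCharProp(ctxt)`, and the function then continues to the `CUR != '}'` check as if the property had parsed. If a NULL atom here always means xmlFAParseCharProp already reported an error (not visible in this hunk), returning early would make that explicit and avoid stacking a second `Expecting '}'` error on top of it: `if (ctxt->atom == NULL) return;` followed by the unconditional `ctxt->atom->neg = 1;`. Since the crash was found by libFuzzer on regex input that may be attacker-supplied, adding the reproducer to the regression tests would keep this path covered. The body of xmlFAParseCharClassEsc starts and ends outside the hunk, so other uses of `ctxt->atom` after xmlFAParseCharProp in this function could not be checked here.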