From de1b51eddcc17fd7ed1bbcc6d5d7d529407dfbe2 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Mon, 22 Feb 2021 12:25:29 +0100
Subject: [PATCH] Improve HTML fuzzer stability

Call htmlInitAutoClose during fuzzer initialization to fix stability issue. Leave a note concerning problems with this function.
---
 HTMLparser.c | 4 ++++
 fuzz/html.c | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/HTMLparser.c b/HTMLparser.c
index c9a64c78..a795757c 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -1324,6 +1324,10 @@ htmlCheckAutoClose(const xmlChar * newtag, const xmlChar * oldtag)
     int i, indx;
     const char **closed = NULL;
 
+    /*
+     * FIXME: This is not thread-safe and should be called from
+     * xmlInitParser instead.
+     */
     if (htmlStartCloseIndexinitialized == 0)
         htmlInitAutoClose();
 
diff --git a/fuzz/html.c b/fuzz/html.c
index 449a9d49..313b6c5b 100644
--- a/fuzz/html.c
+++ b/fuzz/html.c
@@ -6,12 +6,14 @@
 #include
 #include
+#include
 #include "fuzz.h"
 
 int
 LLVMFuzzerInitialize(int *argc ATTRIBUTE_UNUSED,
                      char ***argv ATTRIBUTE_UNUSED) {
     xmlInitParser();
+    htmlInitAutoClose();
     xmlSetGenericErrorFunc(NULL, xmlFuzzErrorFunc);
 
     return 0;
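Review bot: The FIXME added above the `htmlStartCloseIndexinitialized` check in htmlCheckAutoClose names the race but gives library users no guidance on how to avoid it, so the note would be more useful with the current workaround spelled out: `* Until then, programs that parse HTML from several threads should call htmlInitAutoClose() once, before starting those threads.` The unsynchronized part is the check-then-initialize pair on the two lines below the comment: two threads reaching it at the same time may both run htmlInitAutoClose(), and what a second run does to the tables it fills is not visible in this hunk. The fuzz/html.c hunk applies exactly that workaround in LLVMFuzzerInitialize, which appears to be why the fuzzer becomes stable, and the library-side comment should say so rather than leave the reader to find it in the fuzzer. htmlCheckAutoClose's body begins before and continues past this hunk.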