From 44ecefc8cc299a66ac21ffec141eb261e92638da Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 20 Mar 2023 15:52:38 +0100
Subject: malloc-fail: Fix buffer overread after htmlParseScript

Found by OSS-Fuzz, see #344.
---
 HTMLparser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HTMLparser.c b/HTMLparser.c
index ca3ebc41..81bd11f9 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3139,6 +3139,7 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
             htmlParseErrInt(ctxt, XML_ERR_INVALID_CHAR,
                             "Invalid char in CDATA 0x%X\n", cur);
         }
+	NEXTL(l);
 	if (nbchar >= HTML_PARSER_BIG_BUFFER_SIZE) {
             buf[nbchar] = 0;
 	    if (ctxt->sax->cdataBlock!= NULL) {
@@ -3152,7 +3153,6 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
 	    nbchar = 0;
             SHRINK;
 	}
-	NEXTL(l);
 	cur = CUR_CHAR(l);
     }
 
-- 
cgit v1.2.1