From fb2f518cc61239a4010612c9307a3fd7d13c996c Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Sat, 10 Jun 2017 17:06:16 +0200
Subject: Fix potential infinite loop in xmlStringLenDecodeEntities
Make sure that xmlParseStringPEReference advances the "str" pointer even if the parser was stopped. Otherwise xmlStringLenDecodeEntities can loop infinitely.
---
 parser.c | 1 +
 1 file changed, 1 insertion(+) (limited to 'parser.c')
diff --git a/parser.c b/parser.c
index 781aa0c5..1e23d26a 100644
--- a/parser.c
+++ b/parser.c
@@ -8327,6 +8327,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) {
 entity = ctxt->sax->getParameterEntity(ctxt->userData, name);
 if (ctxt->instate == XML_PARSER_EOF) {
 xmlFree(name);
+ *str = ptr;
 return(NULL);
 }
 if (entity == NULL) {
-- cgit v1.2.1
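Review bot: The added `*str = ptr;` on the `XML_PARSER_EOF` return path carries no comment, yet per the commit message it is what keeps xmlStringLenDecodeEntities from looping forever, so a later cleanup could drop it unnoticed. I would add above it `/* Always consume the reference, even when the parser was stopped: callers loop on *str and would otherwise never advance. */`. The body of xmlParseStringPEReference starts and ends outside this hunk, so any other early `return(NULL)` in it is not visible here and should be checked for the same rule. Since the loop lives in the caller, a stop check on `ctxt->instate` inside that loop would presumably make termination independent of this callee. A regression test with an input that stops the parser at this point would pin the behaviour.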