From 44ecefc8cc299a66ac21ffec141eb261e92638da Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 20 Mar 2023 15:52:38 +0100
Subject: [PATCH] malloc-fail: Fix buffer overread after htmlParseScript

Found by OSS-Fuzz, see #344.

Reference:https://github.com/GNOME/libxml2/commit/44ecefc8cc299a66ac21ffec141eb261e92638da
Conflict:HTMLparser.c

---
 HTMLparser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/HTMLparser.c b/HTMLparser.c
index 0cc9824..4f1a3d8 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -3137,6 +3137,7 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
             htmlParseErrInt(ctxt, XML_ERR_INVALID_CHAR,
                             "Invalid char in CDATA 0x%X\n", cur);
         }
+	NEXTL(l);
 	if (nbchar >= HTML_PARSER_BIG_BUFFER_SIZE) {
             buf[nbchar] = 0;
 	    if (ctxt->sax->cdataBlock!= NULL) {
@@ -3149,7 +3150,6 @@ htmlParseScript(htmlParserCtxtPtr ctxt) {
 	    }
 	    nbchar = 0;
 	}
-	NEXTL(l);
 	GROW;
 	cur = CUR_CHAR(l);
     }
-- 
2.27.0