From 003d0baef83a3c694fba6f194cfc8c14bc035082 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 21 Nov 2022 22:07:11 +0100
Subject: [PATCH 23/28] parser: Restore parser state in xmlParseCDSect

Fixes #441.

Reference: https://github.com/GNOME/libxml2/commit/94ca36c2c48ad3857175ea66a373e51e67b98f00
Conflict: parser.c:<xmlParseCDSect>
---
 parser.c | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/parser.c b/parser.c
index 6e55838..4360479 100644
--- a/parser.c
+++ b/parser.c
@@ -9788,22 +9788,20 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
     r = CUR_CHAR(rl);
     if (!IS_CHAR(r)) {
 	xmlFatalErr(ctxt, XML_ERR_CDATA_NOT_FINISHED, NULL);
-	ctxt->instate = XML_PARSER_CONTENT;
-        return;
+        goto out;
     }
     NEXTL(rl);
     s = CUR_CHAR(sl);
     if (!IS_CHAR(s)) {
 	xmlFatalErr(ctxt, XML_ERR_CDATA_NOT_FINISHED, NULL);
-	ctxt->instate = XML_PARSER_CONTENT;
-        return;
+        goto out;
     }
     NEXTL(sl);
     cur = CUR_CHAR(l);
     buf = (xmlChar *) xmlMallocAtomic(size * sizeof(xmlChar));
     if (buf == NULL) {
 	xmlErrMemory(ctxt, NULL);
-	return;
+	goto out;
     }
     while (IS_CHAR(cur) &&
            ((r != ']') || (s != ']') || (cur != '>'))) {
@@ -9812,9 +9810,8 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
 
 	    tmp = (xmlChar *) xmlRealloc(buf, size * 2 * sizeof(xmlChar));
 	    if (tmp == NULL) {
-	        xmlFree(buf);
 		xmlErrMemory(ctxt, NULL);
-		return;
+		goto out;
 	    }
 	    buf = tmp;
 	    size *= 2;
@@ -9829,8 +9826,7 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
 	    SHRINK;
 	    GROW;
             if (ctxt->instate == XML_PARSER_EOF) {
-		xmlFree(buf);
-		return;
+                goto out;
             }
 	    count = 0;
 	}
@@ -9839,17 +9835,14 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
         if (len > maxLength) {
             xmlFatalErrMsg(ctxt, XML_ERR_CDATA_NOT_FINISHED,
                            "CData section too big found\n");
-            xmlFree(buf);
-            return;
+            goto out;
         }
     }
     buf[len] = 0;
-    ctxt->instate = XML_PARSER_CONTENT;
     if (cur != '>') {
 	xmlFatalErrMsgStr(ctxt, XML_ERR_CDATA_NOT_FINISHED,
 	                     "CData section not finished\n%.50s\n", buf);
-	xmlFree(buf);
-        return;
+        goto out;
     }
     NEXTL(l);
 
@@ -9862,6 +9855,10 @@ xmlParseCDSect(xmlParserCtxtPtr ctxt) {
 	else if (ctxt->sax->characters != NULL)
 	    ctxt->sax->characters(ctxt->userData, buf, len);
     }
+
+out:
+    if (ctxt->instate != XML_PARSER_EOF)
+        ctxt->instate = XML_PARSER_CONTENT;
     xmlFree(buf);
 }
 
-- 
2.27.0