From 86105c0493f19ef8e1dd21ab5099613159224b4d Mon Sep 17 00:00:00 2001
From: David Kilzer <ddkilzer@apple.com>
Date: Sat, 15 Apr 2023 18:04:03 -0700
Subject: [PATCH] Fix use-after-free in xmlParseContentInternal()

* parser.c:
(xmlParseCharData):
- Check if the parser has stopped before advancing
  `ctxt->input->cur`.  This only occurs if a custom SAX error
  handler calls xmlStopParser() on fatal errors.

Fixes #518.

Reference:https://github.com/GNOME/libxml2/commit/86105c0493f19ef8e1dd21ab5099613159224b4d
Conflict:parser.c

---
 parser.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/parser.c b/parser.c
index f9b4012..ccddf07 100644
--- a/parser.c
+++ b/parser.c
@@ -4504,7 +4504,8 @@ get_more:
 	    if (*in == ']') {
 		if ((in[1] == ']') && (in[2] == '>')) {
 		    xmlFatalErr(ctxt, XML_ERR_MISPLACED_CDATA_END, NULL);
-		    ctxt->input->cur = in + 1;
+		    if (ctxt->instate != XML_PARSER_EOF)
+		    	ctxt->input->cur = in + 1;
 		    return;
 		}
 		in++;
-- 
2.27.0