Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars() (!169) · Merge requests · GNOME / libxml2 · GitLab

David Kilzer requested to merge ddkilzer/oss-fuzz-44803-integer-overflow-in-xmlSkipBlankChars into master Apr 08, 2022

HTMLparser.c: (htmlSkipBlankChars):
parser.c: (xmlSkipBlankChars):

Switch res from int to size_t, then cap the return value at INT_MAX.
The commit range that OSS-Fuzz listed for the fix didn't make any changes to xmlSkipBlankChars(), so it seems like this issue may still exist.

Found by OSS-Fuzz Issue 44803.