From fef12ed81619c79729bf66a906701308a02d6b2b Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Wed, 11 Oct 2023 13:32:54 +0200
Subject: [PATCH] buf: Also reset input in error case

Avoid dangling pointers if memory allocation failed. This could cause a use-after-free after recent changes. Found by OSS-Fuzz.

Reference:https://github.com/GNOME/libxml2/commit/fef12ed81619c79729bf66a906701308a02d6b2b
Conflict:NA
---
 buf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/buf.c b/buf.c
index e0afd798c..266395f48 100644
--- a/buf.c
+++ b/buf.c
@@ -1017,8 +1017,12 @@ xmlBufMergeBuffer(xmlBufPtr buf, xmlBufferPtr buffer) {
 */
 int
 xmlBufResetInput(xmlBufPtr buf, xmlParserInputPtr input) {
- if ((input == NULL) || (buf == NULL) || (buf->error))
 return(-1);
+ if ((buf == NULL) || (buf->error)) {
+ input->base = input->cur = input->end = BAD_CAST "";
+ return(-1);
+ }
 CHECK_COMPAT(buf)
 input->base = input->cur = buf->content;
 input->end = &buf->content[buf->use];
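Review bot: The new error branch in xmlBufResetInput silently repoints base, cur and end at a read-only string literal, and nothing in the hunk records that contract for a caller that ignores the -1 return or later writes through input->cur or input->end (a store into `""` would be undefined behavior, so the pointers must be treated as read-only). I would add a why-comment on the new branch: `/* buf is unusable: point input at a static empty string so a caller that ignores -1 never holds a dangling pointer into freed content; never write through these. */`. The function's doc comment ends at the ` */` that opens the hunk and its closing brace lies past the last hunk line, so the return-value wording that should also mention this reset is outside the visible lines. The check order, `buf == NULL` before `buf->error`, correctly short-circuits the dereference, and resetting to an empty string rather than NULL appears consistent with how other libxml2 error paths halt an input, though I cannot confirm that from this hunk alone.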