malloc-fail: Fix infinite loop in htmlParseStartTag

Found with libFuzzer, see #344.
2024-10-26 12:25:09 +03:00 · 2023-02-16 14:57:24 +01:00 · 2023-02-16 14:57:24 +01:00 · 0ec9c91064
commit 0ec9c91064
parent 04c2955197
1 changed files with 2 additions and 1 deletions
--- a/HTMLparser.c
+++ b/HTMLparser.c
@ -4098,7 +4098,8 @@ htmlParseStartTag(htmlParserCtxtPtr ctxt) {
 	     * the end of the tag. */
 	    while ((CUR != 0) &&
 	           !(IS_BLANK_CH(CUR)) && (CUR != '>') &&
-		   ((CUR != '/') || (NXT(1) != '>')))
+		   ((CUR != '/') || (NXT(1) != '>')) &&
+                   (ctxt->instate != XML_PARSER_EOF))
 		NEXT;
 	}