[libxml2] ChunkParser: Incorrect decoding of small xml files



commit ba9716a1978001d5a7560cfcf46fe4846c36bbc0
Author: Raul Hudea <rhudea adobe com>
Date:   Mon Mar 15 10:13:29 2010 +0100

    ChunkParser: Incorrect decoding of small xml files
    
    If encoding was autodetected, in xmlParseChunk, if initial size is 86 (a
    chunk in UTF-16 encoding), the code that tries to read only the first line
    will set the size to 90, which eventually leads to a memmove of 90 bytes
    (in xmlBufferAdd) which will copy extra random memory bytes, which will
    make the parser fail because of these extra bytes.

 parser.c |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)
---
diff --git a/parser.c b/parser.c
index 0834d13..85e7599 100644
--- a/parser.c
+++ b/parser.c
@@ -11562,8 +11562,17 @@ xmldecl_done:
             if (ctxt->input->buf->rawconsumed < len)
                 len -= ctxt->input->buf->rawconsumed;
 
-            remain = size - len;
-            size = len;
+            /*
+             * Change size for reading the initial declaration only
+             * if size is greater than len. Otherwise, memmove in xmlBufferAdd
+             * will blindly copy extra bytes from memory.
+             */
+            if (size > len) {
+                remain = size - len;
+                size = len;
+            } else {
+                remain = 0;
+            }
         }
 	res =xmlParserInputBufferPush(ctxt->input->buf, size, chunk);
 	if (res < 0) {
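
Review bot: the comment above `if (size > len)` says what the guard does but not why `len` can exceed the caller-supplied `size` in the first place (90 against 86 in the case from the commit message); that is the non-obvious condition, and stating it would show that `size` is the only bound on how much of `chunk` may be read. The `else { remain = 0; }` branch is worth a second look: if `remain` is already zero on entry to this block the branch is redundant, and if it is not, the comment should say which stale value it clears. The diffstat shows only parser.c changed, so a regression test that feeds the 86-byte UTF-16 document through xmlParseChunk as a single chunk would keep this over-read from coming back.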


