[libxml2] Fix a segfault on XSD validation on pattern error

[Daniel Veillard <veillard src gnome org>]

commit 40851d0c5975a8fde9498f72f3f5d96ad3194dc5
Author: Daniel Veillard <veillard redhat com>
Date:   Fri Aug 17 20:34:05 2012 +0800

    Fix a segfault on XSD validation on pattern error
    
    As reported by Sven <sven e7o de>:
    The following pattern will cause a segmentation fault in my
    Apache (using PHP5 to validate a XML against a XSD):
    
    <xs:pattern value="(.*)|"/>
    
    Fix a cascade of error handling failures which led to the
    crash in that scenario.

 xmlregexp.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/xmlregexp.c b/xmlregexp.c
index 8a8be98..b952708 100644
--- a/xmlregexp.c
+++ b/xmlregexp.c
@@ -3202,7 +3202,7 @@ xmlFARegExec(xmlRegexpPtr comp, const xmlChar *content) {
         memset(exec->counts, 0, comp->nbCounters * sizeof(int));
     } else
 	exec->counts = NULL;
-    while ((exec->status == 0) &&
+    while ((exec->status == 0) && (exec->state != NULL) &&
 	   ((exec->inputString[exec->index] != 0) ||
 	    ((exec->state != NULL) &&
 	     (exec->state->type != XML_REGEXP_FINAL_STATE)))) {
@@ -3456,6 +3456,8 @@ error:
 	}
 	xmlFree(exec->rollbacks);
     }
+    if (exec->state == NULL)
+        return(-1);
     if (exec->counts != NULL)
 	xmlFree(exec->counts);
     if (exec->status == 0)
@@ -5373,6 +5375,10 @@ xmlFAParseRegExp(xmlRegParserCtxtPtr ctxt, int top) {
     end = ctxt->state;
     while ((CUR == '|') && (ctxt->error == 0)) {
 	NEXT;
+	if (CUR == 0) {
+	    ERROR("expecting a branch after |")
+	    return;
+	}
 	ctxt->state = start;
 	ctxt->end = NULL;
 	xmlFAParseBranch(ctxt, end);