[libxml2] Make sure that xmlParseQName returns NULL in error case



commit 5ccac8cecffd58feb92cb8f508cdb74d84702810
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Thu Jun 27 10:23:36 2019 +0200

    Make sure that xmlParseQName returns NULL in error case
    
    If there's an error growing the input buffer when recovering from
    invalid QNames, make sure to return NULL. Otherwise, callers could be
    confused. In xmlParseStartTag2, for example, `tlen` could become
    negative.
    
    Found by OSS-Fuzz.

 parser.c | 4 ++++
 1 file changed, 4 insertions(+)
---
diff --git a/parser.c b/parser.c
index 459502b5..448d160b 100644
--- a/parser.c
+++ b/parser.c
@@ -8723,6 +8723,8 @@ xmlParseQName(xmlParserCtxtPtr ctxt, const xmlChar **prefix) {
        if (l == NULL) {
            xmlChar *tmp;
 
+            if (ctxt->instate == XML_PARSER_EOF)
+                return(NULL);
             xmlNsErr(ctxt, XML_NS_ERR_QNAME,
                     "Failed to parse QName '%s:'\n", p, NULL, NULL);
            l = xmlParseNmtoken(ctxt);
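Review bot: The recovery call `l = xmlParseNmtoken(ctxt);` directly after the new guard can read further input too, so the same failure may surface there without being checked. xmlParseQName continues past this hunk, so a later check cannot be ruled out. If there is none, a second guard for the case where that call yields nothing would keep the NULL-on-error contract: `if (l == NULL && ctxt->instate == XML_PARSER_EOF) return(NULL);`. A short comment on the added check, such as `/* parser halted while growing input: abandon QName recovery */`, would also record why the parser state is tested here, since only the commit message explains it.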
@@ -8751,6 +8753,8 @@ xmlParseQName(xmlParserCtxtPtr ctxt, const xmlChar **prefix) {
                *prefix = p;
                return(l);
            }
+            if (ctxt->instate == XML_PARSER_EOF)
+                return(NULL);
            tmp = xmlBuildQName(BAD_CAST "", l, NULL, 0);
            l = xmlDictLookup(ctxt->dict, tmp, -1);
            if (tmp != NULL) xmlFree(tmp);
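Review bot: Both new early returns (this one and the one in the hunk at -8723) leave `*prefix` unwritten, whereas the successful path just above assigns `*prefix = p` before returning. A caller that reads its prefix variable without first testing the return value would see whatever was there before the call. Writing `{ *prefix = NULL; return(NULL); }` in each guard would make the contract explicit; so would stating in the function's header comment that `*prefix` is unspecified on a NULL return. The start of xmlParseQName and its other return paths are outside the hunk, so an earlier initialisation of `*prefix` may already cover this.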

