[libxml2] Fix XPath fuzzer



commit 10a0794878ba2847527ec1eb34a3d4fdd934a140
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sat Aug 8 17:46:11 2020 +0200

    Fix XPath fuzzer

 fuzz/xpath.c     | 3 ++-
 fuzz/xpathSeed.c | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
---
diff --git a/fuzz/xpath.c b/fuzz/xpath.c
index 1017adaa4..c10151fed 100644
--- a/fuzz/xpath.c
+++ b/fuzz/xpath.c
@@ -28,7 +28,8 @@ LLVMFuzzerTestOneInput(const char *data, size_t size) {
     expr = xmlFuzzReadString(&exprSize);
     xml = xmlFuzzReadString(&xmlSize);
 
-    doc = xmlParseMemory(xml, xmlSize);
+    /* Recovery mode allows more input to be fuzzed. */
+    doc = xmlReadMemory(xml, xmlSize, NULL, NULL, XML_PARSE_RECOVER);
     if (doc != NULL) {
         xmlXPathContextPtr xpctxt = xmlXPathNewContext(doc);
 
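Review bot: The new xmlReadMemory() call passes xmlSize where the API takes an `int` length; if xmlSize is a size_t (its declaration is outside the hunk), a value above INT_MAX would be narrowed to a negative length, exactly as it already was with xmlParseMemory(), so an explicit guard such as `if (xmlSize > INT_MAX) return 0;` before the call would make the fuzzer's own bound visible rather than relying on the harness input limit. Recovery mode also makes the parser report considerably more errors; whether those are routed to a silent handler depends on setup outside this hunk and is worth confirming so the fuzzer's output stays quiet. LLVMFuzzerTestOneInput starts and ends outside the hunk.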
diff --git a/fuzz/xpathSeed.c b/fuzz/xpathSeed.c
index 3b6129846..2f6b59110 100644
--- a/fuzz/xpathSeed.c
+++ b/fuzz/xpathSeed.c
@@ -99,13 +99,16 @@ processXml(const char *testDir, xpathTestXml *xml, const char *subdir,
     char pattern[PATH_SIZE];
     glob_t globbuf;
     size_t i, size;
-    int ret = 0;
+    int ret = 0, res;
 
     size = snprintf(pattern, sizeof(pattern), "%s/%s/%s*",
                     testDir, subdir, xml->prefix);
     if (size >= PATH_SIZE)
         return(-1);
-    if (glob(pattern, 0, NULL, &globbuf) != 0)
+    res = glob(pattern, 0, NULL, &globbuf);
+    if (res == GLOB_NOMATCH)
+        return(0);
+    if (res != 0)
         return(-1);
 
     for (i = 0; i < globbuf.gl_pathc; i++) {
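Review bot: Both early returns after glob() skip globfree() — the new GLOB_NOMATCH path and the pre-existing error path. On glibc a GLOB_NOMATCH result leaves nothing allocated, so this is most likely harmless, but what glob() leaves in globbuf on failure is partly implementation-defined, so `globfree(&globbuf);` before each early return would be the safe, portable form. A smaller style point: `int ret = 0, res;` puts an initialised and an uninitialised declaration on one line; `int res;` on its own line reads more clearly. processXml continues outside the hunk.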
@@ -151,6 +154,7 @@ processXml(const char *testDir, xpathTestXml *xml, const char *subdir,
             } else {
                 char xptrExpr[EXPR_SIZE+100];
 
+                /* Wrap XPath expressions as XPointer */
                 snprintf(xptrExpr, sizeof(xptrExpr), "xpointer(%s)", expr);
                 xmlFuzzWriteString(out, xptrExpr);
             }
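Review bot: The snprintf() on the line after the new comment is not checked for truncation; with `xptrExpr` sized EXPR_SIZE+100 that is fine only if `expr` is bounded by EXPR_SIZE, which the hunk does not show. If it is not, a long expression silently becomes a truncated `xpointer(...` seed with no closing parenthesis, which would then fuzz a different construct than intended. The added comment states what is done but not why; extending it to name the reason (e.g. that the seed corpus should cover the xpointer() scheme, if that is the intent) would help the next reader. The enclosing loop and processXml continue outside the hunk.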

