[libxml2/ddkilzer/oss-fuzz-44803-integer-overflow-in-xmlSkipBlankChars] Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
- From: David Kilzer <ddkilzer src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxml2/ddkilzer/oss-fuzz-44803-integer-overflow-in-xmlSkipBlankChars] Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
- Date: Fri, 8 Apr 2022 19:41:08 +0000 (UTC)
commit 978c9b3003a6d7fddd93112c459c2115f01128a7
Author: David Kilzer <ddkilzer webkit org>
Date: Fri Apr 8 12:33:17 2022 -0700
Prevent integer-overflow in htmlSkipBlankChars() and xmlSkipBlankChars()
* HTMLparser.c:
(htmlSkipBlankChars):
* parser.c:
(xmlSkipBlankChars):
- Switch `res` from `int` to `size_t`, then cap the return value
at INT_MAX.
- The commit range that OSS-Fuzz listed for the fix didn't make
any changes to xmlSkipBlankChars(), so it seems like this
issue may still exist.
Found by OSS-Fuzz Issue 44803.
HTMLparser.c | 4 ++--
parser.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/HTMLparser.c b/HTMLparser.c
index 9bd0fb34..0f83151d 100644
--- a/HTMLparser.c
+++ b/HTMLparser.c
@@ -584,7 +584,7 @@ encoding_error:
static int
htmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
- int res = 0;
+ size_t res = 0;
while (IS_BLANK_CH(*(ctxt->input->cur))) {
if ((*ctxt->input->cur == 0) &&
@@ -600,7 +600,7 @@ htmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
}
res++;
}
- return(res);
+ return(res > INT_MAX ? INT_MAX : (int)res);
}
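Review bot: `INT_MAX` on the added return line needs `<limits.h>`, and the hunk adds no include; if HTMLparser.c does not already pull it in (not visible from the hunk), the file will not compile. The same return line appears in the parser.c hunk at @@ -2241. A simpler alternative that keeps `int res` and drops both the widening and the cast is to saturate at the increment in this hunk, `if (res < INT_MAX) res++;`, which also does not rely on `size_t` being wider than `int`. Whichever form is kept, the cap deserves a one-line comment at the return, e.g. `/* saturate: the count of skipped blanks can exceed INT_MAX on large input */`. htmlSkipBlankChars's body starts outside the hunk.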
diff --git a/parser.c b/parser.c
index 230872f4..16c3385e 100644
--- a/parser.c
+++ b/parser.c
@@ -2182,7 +2182,7 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
int
xmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
- int res = 0;
+ size_t res = 0;
/*
* It's Okay to use CUR/NEXT here since all the blanks are on
@@ -2241,7 +2241,7 @@ xmlSkipBlankChars(xmlParserCtxtPtr ctxt) {
res++;
}
}
- return(res);
+ return(res > INT_MAX ? INT_MAX : (int)res);
}
/************************************************************************
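Review bot: xmlSkipBlankChars is a non-static function, so this hunk changes its return contract: once INT_MAX blanks have been counted the value is a saturated count, no longer the exact number skipped. Its doc comment above the hunk, which presumably describes the return value as the number of blanks skipped, should state that the count is capped at INT_MAX so callers do not treat it as exact. Callers that only compare the result against 0 are unaffected by the cap. The function body starts outside the hunk.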