From 78fce372041d53cfeaaf2c11c71d07eef55ecfd1 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Wed, 8 May 2024 11:49:31 +0200
Subject: [PATCH] Fix buffer overread with `xmllint --htmlout`

Add a missing bounds check.
Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/2876ac5392a4e891b81e40e592c3ac6cb46016ce]
CVE: CVE-2024-34459
Signed-off-by: Siddharth Doshi
---
 xmllint.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xmllint.c b/xmllint.c
index ee6bfdc..2f792f1 100644
--- a/xmllint.c
+++ b/xmllint.c
@@ -602,7 +602,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
 len = strlen(buffer);
 snprintf(&buffer[len], sizeof(buffer) - len, "\n");
 cur = input->cur;
- while ((*cur == '\n') || (*cur == '\r'))
+ while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
 cur--;
 n = 0;
 while ((cur != base) && (n++ < 80)) {
--
2.25.1
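Review bot: The added `(cur > base)` guard stops the backward scan at `base`, but the loop two lines below still tests `cur != base`, so if `input->cur` can ever start below `base` (the assignment to `base` is outside this hunk) the guard exits at once with `cur < base` and that loop is limited only by its `n++ < 80` counter. Using the same relation there, `while ((cur > base) && (n++ < 80)) {`, would make both loops agree on the bound; the body of that loop and the start of xmlHTMLPrintFileContext lie outside the hunk, so this should be checked against the full function before changing it. A short comment on the patched line, e.g. `/* never step before base: input->cur may sit on a newline run at the start of the data */`, would record why the check exists. The diffstat shows only xmllint.c changed, so the backport carries no regression input for CVE-2024-34459; a small test case run through `xmllint --htmlout` under a memory sanitizer would keep the overread from returning on a later rebase.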