From bf2e96173d4f78f564015a925970077501586fbe Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer
Date: Thu, 7 Nov 2019 12:54:01 +0100
Subject: [PATCH] Fix overflow handling in xmlBufBackToBuffer

Don't overwrite 'use' and 'size' members after clamping to INT_MAX. Thanks to Ranier Vilela for pointing this out in merge request !56.
---
 buf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/buf.c b/buf.c
index d46da36..3b212fc 100644
--- a/buf.c
+++ b/buf.c
@@ -1233,10 +1233,12 @@ xmlBufBackToBuffer(xmlBufPtr buf) {
 * Keep the buffer but provide a truncated size value.
 */
 xmlBufOverflowError(buf, "Allocated size too big for xmlBuffer");
+ ret->use = (int) buf->use;
 ret->size = INT_MAX;
+ } else {
+ ret->use = (int) buf->use;
+ ret->size = (int) buf->size;
 }
- ret->use = (int) buf->use;
- ret->size = (int) buf->size;
 ret->alloc = buf->alloc;
 ret->content = buf->content;
 ret->contentIO = buf->contentIO;
--
1.8.3.1
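Review bot: The added `ret->use = (int) buf->use;` in the "Allocated size too big" branch is lossless only if an earlier condition has already excluded `buf->use > INT_MAX`, and that condition is not visible in this hunk. A narrowing that wrapped here would hand legacy xmlBuffer callers a negative or wrong length, so I would state the invariant next to the cast, e.g. `/* use <= INT_MAX was checked above, so this cast cannot truncate */`. The new `else` branch could likewise carry `/* both use and size fit in int here */`. The if/else chain begins before the hunk, so the exact wording should be confirmed against the full body of xmlBufBackToBuffer.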