GNOME Bugzilla – Bug 763071
heap-buffer-overflow in xmlStrncat
Last modified: 2016-08-22 20:22:27 UTC
#Security
pjumde: Hi! This bug report is empty. Do you plan to add more information?
Created attachment 323205 [details] poc.c

Repro steps:
- cc -fsanitize=address -I/Users/pjumde/Documents/Debug/Safari/libxml2/libxml2/include -lxml2 poc.c -o poc
- DYLD_INSERT_LIBRARIES=./.libs/libxml2.2.dylib ./poc
Created attachment 323460 [details] [review] Patch for stop-gap fix (appropriate for older branches/releases)

This is a safe fix for branches. The comprehensive fix is to change the return type of xmlStrlen() to size_t so that it doesn't overflow.
Fix looks fine. W.r.t. size_t, no, you can't change the API to return a 64-bit value when it was an int, as this is both an ABI and API breakage on a variety of platforms. My life is too short at this point to try to version libxml2 API, so int it is, int it will remain, sorry :)

Daniel
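The thread settles on keeping int lengths and checking the arithmetic before the addition happens. The following is an added illustration of that defensive pattern, not libxml2's code and not the attached patch: the `xmlChar` typedef is redeclared locally so the file builds stand-alone, and `add_len_checked`, `checked_strncat` and the `demo_*` functions are hypothetical names invented for this example. The second demo feeds a deliberately bogus length to show that the overflow is rejected before any allocation or copy occurs.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same byte type libxml2 uses; redeclared here so the example is stand-alone. */
typedef unsigned char xmlChar;

/* Hypothetical helper: succeeds only if cur_len + add_len + 1 (for the NUL) fits in an int.
 * Lengths stay int, matching the API constraint discussed in the thread, so the check
 * has to happen before the addition rather than by testing the wrapped result. */
static int add_len_checked(int cur_len, int add_len, int *total) {
    if (cur_len < 0 || add_len < 0) return 0;       /* negative lengths are already an error */
    if (cur_len > INT_MAX - 1 - add_len) return 0;  /* cur_len + add_len + 1 would exceed INT_MAX */
    *total = cur_len + add_len + 1;
    return 1;
}

/* Hypothetical hardened append: copies add_len bytes of add onto cur.
 * Returns the (re)allocated string, or NULL when the length arithmetic would overflow
 * or allocation fails; on NULL, cur is untouched and still owned by the caller. */
static xmlChar *checked_strncat(xmlChar *cur, const xmlChar *add, int add_len) {
    if (add == NULL || add_len <= 0) return cur;
    size_t cur_len_sz = (cur != NULL) ? strlen((const char *)cur) : 0;
    if (cur_len_sz > (size_t)INT_MAX) return NULL;  /* length would not fit the int-based API */
    int cur_len = (int)cur_len_sz;
    int total;
    if (!add_len_checked(cur_len, add_len, &total)) return NULL;
    xmlChar *ret = realloc(cur, (size_t)total);     /* realloc(NULL, n) behaves like malloc(n) */
    if (ret == NULL) return NULL;
    memcpy(ret + cur_len, add, (size_t)add_len);
    ret[cur_len + add_len] = 0;
    return ret;
}

/* Normal path: two appends produce the expected string. Returns 1 on success. */
static int demo_basic_append(void) {
    xmlChar *s = checked_strncat(NULL, (const xmlChar *)"hello", 5);
    if (s == NULL) return 0;
    xmlChar *t = checked_strncat(s, (const xmlChar *)", world", 7);
    if (t == NULL) { free(s); return 0; }
    int ok = strcmp((const char *)t, "hello, world") == 0;
    free(t);
    return ok;
}

/* Failure mode: an add_len that pushes the int sum past INT_MAX must be rejected
 * before any allocation or copy. The constructed input below is never read. Returns 1 if rejected. */
static int demo_overflow_rejected(void) {
    xmlChar *s = checked_strncat(NULL, (const xmlChar *)"abc", 3);
    if (s == NULL) return 0;
    xmlChar *t = checked_strncat(s, (const xmlChar *)"x", INT_MAX);  /* constructed bogus length */
    int rejected = (t == NULL) && strcmp((const char *)s, "abc") == 0;
    free(s);
    return rejected;
}

int main(void) {
    printf("basic append: %s\n", demo_basic_append() ? "ok" : "FAIL");
    printf("overflow rejected: %s\n", demo_overflow_rejected() ? "ok" : "FAIL");
    return 0;
}
```

The point of the example is the ordering: the bound is tested against INT_MAX using subtraction, which cannot wrap, and the buffer is only resized once the sum is known to fit the int the API hands back.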
Fixed by commit 8fbbf5513d609c1770b391b99e33314cd0742704: <https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704>
Removing security group as commit is public