From a4dc944f37b664a3ca7199c624a98ee37babdb4b Mon Sep 17 00:00:00 2001
From: Rhodri James <rhodri@kynesim.co.uk>
Date: Tue, 25 Apr 2017 15:15:56 +0100
Subject: [PATCH] Prevent use of uninitialised variable

I don't believe the value of 'next' is actually used if it is not
set by the tokenizer, but this is very hard to prove.  For safety,
we give it a safe default value.
---
 expat/lib/xmlparse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index ffdd3b88..81eca88e 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -5044,6 +5044,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
   openEntity->internalEventEndPtr = NULL;
   textStart = (char *)entity->textPtr;
   textEnd = (char *)(entity->textPtr + entity->textLen);
+  /* Set a safe default value in case 'next' does not get set */
+  next = textStart;
 
 #ifdef XML_DTD
   if (entity->is_param) {
@@ -5089,6 +5091,8 @@ internalEntityProcessor(XML_Parser parser,
   entity = openEntity->entity;
   textStart = ((char *)entity->textPtr) + entity->processed;
   textEnd = (char *)(entity->textPtr + entity->textLen);
+  /* Set a safe default value in case 'next' does not get set */
+  next = textStart;
 
 #ifdef XML_DTD
   if (entity->is_param) {