http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560 --- a/lib/xmlparse.c +++ b/lib/xmlparse.c @@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */