Re: [PATCH BlueZ 1/1] Fixed heap-buffer-overflow in `compute_seq_size`.

(Apologies for the noise, I'm new to this. One more attempt to resend
this as text-only for those who have seen this email multiple times).

Thank you for the feedback. The problem here is that there is a heap
buffer overflow found by fuzzing with the following testcase:

`<sequence><foo/><text/></sequence>`

This causes `compute_seq_size(ctx_data->stack_head->data);` to be
called on `ctx_data->stack_head->data`, which isn't a sequence type.
This patch adds some type checks to guard against that.

I don't believe a regression test using valgrind would catch this --
we used AddressSanitizer to detect this.

While fixing this, we also discovered a memory leak in the error
handling path touched by the patch
(`if (g_markup_parse_context_parse(ctx, data, size, NULL) == FALSE)`),
which we included a fix for.
Would it be better if we separated out the heap buffer overflow fix
and the memory leak fix into 2 separate commits?

Best,
Oliver
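Added illustration, not code from the BlueZ patch or tree: a hypothetical model of the parser's element stack (the `struct elem`, `ELEM_*` tags, `compute_seq_size_checked` and `free_stack` names are all assumed here and differ from BlueZ's real types) showing the two points of the message: a type guard so that a size computation refuses a stack head that is not a sequence, as in the `<sequence><foo/><text/></sequence>` fuzz case, and releasing the partial stack on the error path so the early return does not leak it.

```c
#include <stdlib.h>
/* Hypothetical model of a parser element stack; not BlueZ's own types. */
enum elem_type { ELEM_SEQUENCE, ELEM_TEXT, ELEM_OTHER };
struct elem {
	enum elem_type type;
	struct elem *next;    /* next entry down the stack */
	size_t nchildren;     /* valid only for ELEM_SEQUENCE */
	size_t *child_sizes;  /* valid only for ELEM_SEQUENCE */
};

/* Sum of child sizes, or -1 if the entry is not a sequence (the type guard). */
long compute_seq_size_checked(const struct elem *e)
{
	long total = 0;
	if (e == NULL || e->type != ELEM_SEQUENCE)
		return -1;
	for (size_t i = 0; i < e->nchildren; i++)
		total += (long) e->child_sizes[i];
	return total;
}

/* Release everything still on the stack: the cleanup an error path needs. */
void free_stack(struct elem **head)
{
	while (*head != NULL) {
		struct elem *e = *head;
		*head = e->next;
		free(e->child_sizes);
		free(e);
	}
}

/* Models <sequence><foo/><text/></sequence>: the stack head is the text
 * element, not the sequence, when its size is requested. Returns 1 when the
 * guard rejects it and the stack is then released, 0 otherwise. */
int fuzz_case_rejected(void)
{
	enum elem_type order[] = { ELEM_SEQUENCE, ELEM_OTHER, ELEM_TEXT };
	struct elem *head = NULL;
	for (int i = 0; i < 3; i++) {
		struct elem *e = calloc(1, sizeof(*e));
		if (e == NULL) { free_stack(&head); return 0; }
		e->type = order[i];
		e->next = head;
		head = e;
	}
	long size = compute_seq_size_checked(head);
	free_stack(&head);
	return size == -1 && head == NULL;
}
```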