$NetBSD: patch-CVE-2012-5134,v 1.1 2012/12/15 12:39:24 drochner Exp $

--- parser.c.orig	2012-09-11 04:24:08.000000000 +0000
+++ parser.c
@@ -4075,7 +4075,7 @@ xmlParseAttValueComplex(xmlParserCtxtPtr
         goto error;
 
     if ((in_space) && (normalize)) {
-        while (buf[len - 1] == 0x20) len--;
+        while ((len > 0) && (buf[len - 1] == 0x20)) len--;
     }
     buf[len] = 0;
     if (RAW == '<') {
