Egbert Eich - 2021-10-25

The proposed patch is incorrect: the memove() destination (s + c) does not have to contain valid data. The calculation performed seems to ensure that the move will fit into the bounds of the memory (re)allocated.
The patch causes issues with perfectly valid XML.
Also, performing an exit(-1) when the test condition fails would be the wrong way to handle an error condition anyway.
In my tests the issue demonstrated by the test case was resolved by the fix for CVE-2019-20006 in bug 15.