From 37a7275bd4c2cf8fae148c7d0b7ad512147fb70f Mon Sep 17 00:00:00 2001
From: David King
Date: Wed, 2 Jul 2025 14:03:42 +0100
Subject: [PATCH] Fix CVE-2025-49796 (RHEL-96421)
Resolves: RHEL-96421
---
 libxml2-2.12.5-CVE-2025-49796.patch | 40 +++++++++++++++++++++++++++++
 libxml2.spec | 3 +++
 2 files changed, 43 insertions(+)
 create mode 100644 libxml2-2.12.5-CVE-2025-49796.patch
diff --git a/libxml2-2.12.5-CVE-2025-49796.patch b/libxml2-2.12.5-CVE-2025-49796.patch
new file mode 100644
index 0000000..2b12616
--- /dev/null
+++ b/libxml2-2.12.5-CVE-2025-49796.patch
@@ -0,0 +1,40 @@
+From 12ef9e5bb7b4bf4f901a2a34b6609a908b1544af Mon Sep 17 00:00:00 2001
+From: David King
+Date: Wed, 2 Jul 2025 13:56:53 +0100
+Subject: [PATCH] Fix CVE-2025-49796
+
+Fix for type confusion in CVE-2025-49796, for the specific case
+mentioned in the vulnerability report. A more general fix should be
+applied in the future, after upstream review.
+
+https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
+---
+ schematron.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/schematron.c b/schematron.c
+index ba7fa56c..47f97c04 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -26,6 +26,7 @@
+ #ifdef LIBXML_SCHEMATRON_ENABLED
+
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -1442,7 +1443,9 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+ xmlFree(path);
+ }
+
+- if ((node->ns == NULL) || (node->ns->prefix == NULL))
++ if ((node == NULL) || (node->ns == NULL)
++ || ((uintptr_t)node->ns == (uintptr_t)-1) // Check for 0xffffffffffffffff
++ || (node->ns->prefix == NULL))
+ ret = xmlStrcat(ret, node->name);
+ else {
+ ret = xmlStrcat(ret, node->ns->prefix);
+--
+2.49.0
+
diff --git a/libxml2.spec b/libxml2.spec
index 6be4317..c014dbd 100644
--- a/libxml2.spec
+++ b/libxml2.spec
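Review bot: In the embedded schematron.c change to `xmlSchematronFormatReport`, the new `node == NULL` alternative makes the condition true for a NULL node, and the branch it selects is `ret = xmlStrcat(ret, node->name);`, so the added test routes a NULL node into a dereference instead of guarding it. If node can be NULL at this point it needs its own exit before the `if`; if it cannot, the test should be dropped so it does not read as protection. The `(uintptr_t)node->ns == (uintptr_t)-1` comparison rejects a single bit pattern, and its comment's `0xffffffffffffffff` only holds where pointers are 64 bits wide. As the patch description calls this type confusion and a fix for one specific case, I would ask for a check on the node kind before `node->ns` is read, for example `(node->type != XML_ELEMENT_NODE && node->type != XML_ATTRIBUTE_NODE) ||` as the first alternative, presumably what the deferred general fix will need. The function starts and ends outside the hunk, so earlier uses of node are not visible here.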
@@ -30,6 +30,8 @@ Patch5: libxml2-2.12.5-CVE-2025-6021.patch
 Patch6: libxml2-2.12.5-CVE-2025-49794.patch
 # https://issues.redhat.com/browse/RHEL-96408
 Patch7: libxml2-2.12.5-CVE-2025-49795.patch
+# https://issues.redhat.com/browse/RHEL-96421
+Patch8: libxml2-2.12.5-CVE-2025-49796.patch
 BuildRequires: cmake-rpm-macros
 BuildRequires: gcc
@@ -174,6 +176,7 @@ popd
 - Fix CVE-2025-6021 (RHEL-96495)
 - Fix CVE-2025-49794 (RHEL-96395)
 - Fix CVE-2025-49795 (RHEL-96408)
+- Fix CVE-2025-49796 (RHEL-96421)
 * Mon Feb 24 2025 David King - 2.12.5-5
 - Fix CVE-2024-56171 (RHEL-80119)