From 1593b36a4a7551f2f1ebb50dce5480048209bc77 Mon Sep 17 00:00:00 2001
From: ooxi <85fcd0ef4ec8@f977375cdcd6.anonbox.net>
Date: Thu, 1 Nov 2012 00:53:26 +0100
Subject: [PATCH] Fixed memory corruption caused by off-by-one error

---
 src/xml.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xml.c b/src/xml.c
index a9fb15e..aa8b905 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -544,7 +544,7 @@ static struct xml_node* xml_parse_node(struct xml_parser* parser) {
 		 */
 		size_t old_elements = get_zero_terminated_array_elements(children);
 		size_t new_elements = old_elements + 1;
-		children = realloc(children, new_elements * sizeof(struct xml_node*));
+		children = realloc(children, (new_elements + 1) * sizeof(struct xml_node*));
 
 		/* Save child
 		 */