http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560

--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */