The memchr() used to look for the LF character must consider the end of
input, not just the output buffer size.
This was found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=71096
No backport is needed.
return NULL;
size--; /* keep fgets behaviour, reads at most one less than size */
+ if (size > end - *position)
+ size = end - *position;
+
new_pos = memchr(*position, '\n', size);
if (new_pos) {
/* '+1' to grab and copy '\n' at the end of line */