MFC r200392:

Apply two vendor fixes for CVE-2009-3720.

Security:	CVE-2009-3720

contrib/expat/lib/xmlparse.c

@@ -3725,7 +3725,6 @@ doProlog(XML_Parser parser,
         return XML_ERROR_NO_ELEMENTS;
       default:
         tok = -tok;
-        next = end;
         break;
       }
     }

contrib/expat/lib/xmltok_impl.c

@@ -1744,7 +1744,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \