The bug I encountered was quite the corner case, I'm not surprised nobody's noticed it. It's because the strings here are not zero-terminated by default, but `parse_user_data` requires a zero-terminated string by virtue of documentation. The bug I got was during diameter Cx registration termination requests with very specific XMLs being received, I managed to hit a place that was passing a string that was not zero-terminated. The end result was a failed check against the XML schema and the request being interpreted as invalid. I believe I've solved the issue fundamentally by using `xmlParseMemory` instead of `xmlParseDoc` because the latter requires a zero-terminated string, while the former works with a buffer length, which is exactly what the strings here do.
Thanks!