xml BUGFIX heap oob crash issues in lyxml_parse_value (#1129)

Fix an out of bounds write that appeared due to buf being increased in size
only once, even if len + offset + 4 were larger than size by a number
larger than BUFSIZE_STEP. Incrementally increase the buffer size, as long as it
is smaller than len + offset + 4.

Fix uninitialized variable u used to store a UTF-8 character in the same
function to stop valgrind complains about uninitialized reads.
diff --git a/src/xml.c b/src/xml.c
index 02f7f4b..67819ee 100644
--- a/src/xml.c
+++ b/src/xml.c
@@ -383,6 +383,8 @@
         dst[3] = 0x80 | (value & 0x3f);
 
         (*bytes_written) = 4;
+    } else {
+	    return LY_EINVAL;
     }
     return LY_SUCCESS;
 }
@@ -437,7 +439,7 @@
             /* allocate enough for the offset and next character,
              * we will need 4 bytes at most since we support only the predefined
              * (one-char) entities and character references */
-            if (len + offset + 4 >= size) {
+            while (len + offset + 4 >= size) {
                 buf = ly_realloc(buf, size + BUFSIZE_STEP);
                 LY_CHECK_ERR_RET(!buf, LOGMEM(ctx), LY_EMEM);
                 size += BUFSIZE_STEP;