
Possible out of bounds read when XML_OPTION_SKIP_TAGSTART used

Low
bukka published GHSA-wg4p-4hqh-c3g9 Mar 13, 2025

Package

No package listed

Affected versions

< 8.1.32
< 8.2.28
< 8.3.18
< 8.4.5

Patched versions

8.1.32
8.2.28
8.3.19
8.4.5

Description

This is a recurrence of bug #72714.

Impact

Out-of-bounds heap read: the tag names the parser returns are built from memory past the end of the real tag name, so heap contents can leak to the caller.

<?php
// Proof of concept: every tag name in this document is far shorter than the configured skip.
$sample = "<?xml version=\"1.0\"?><test><child/></test>";
$parser = xml_parser_create();
// Skip the first 100 characters of each tag name; "test" and "child" have 4 and 5.
xml_parser_set_option($parser, XML_OPTION_SKIP_TAGSTART, 100);
$res = xml_parse_into_struct($parser, $sample, $vals, $index);
// The 'tag' entries in $vals are read from bytes beyond the end of each tag name.
var_dump($vals);
xml_parser_free($parser);

Setting XML_OPTION_SKIP_TAGSTART to a value larger than the length of a tag name makes the parser read past the end of that name. The value does not have to be absurdly high: any skip longer than some tag name in the document will do, so an attacker who can supply XML with shorter tag names than the application expects can trigger the out-of-bounds read with whatever skip the application configured.
I coincidentally came across this while reviewing xml.c and noticed that it is a recurrence of https://bugs.php.net/bug.php?id=72714.
This was originally fixed in 9164dc1, but it seems the fix was either incomplete or not merged properly.
Granted, this option is rarely used.
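The pattern behind the bug, restated in C as an added example. This is not code from ext/xml/xml.c; the function names, the clamping helper and the tiny start-tag scanner are hypothetical and only mirror the flaw described above (a pointer advanced into a tag name by the configured skip without a bound check) next to the clamped form that keeps the read inside the string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Shape of the flaw (hypothetical, not PHP's code): the pointer into the tag
 * name is advanced by the configured skip with no check against the name's
 * length. When skip exceeds strlen(name) the result points past the
 * terminating NUL and anything built from it is read from adjacent heap
 * memory. Dereferencing it in that case is undefined behaviour, so this
 * function only illustrates the pattern and is never read through here. */
const char *skip_tagstart_unchecked(const char *name, size_t skip)
{
    return name + skip;
}

/* Hardened form: clamp the skip to the name length, so the worst case is the
 * empty string (a pointer to the terminator), never a byte beyond it. */
const char *skip_tagstart_checked(const char *name, size_t skip)
{
    size_t len = strlen(name);
    return name + (skip < len ? skip : len);
}

/* How many bytes past the terminator the unchecked variant would start
 * reading for a given name and skip; 0 means the read stays in bounds.
 * A skip of 6 against "child" already overruns by one byte. */
size_t skip_overrun_bytes(const char *name, size_t skip)
{
    size_t len = strlen(name);
    return skip > len ? skip - len : 0;
}

#define MAX_TAGS 16
#define MAX_NAME 32

struct tag_list {
    char names[MAX_TAGS][MAX_NAME];
    size_t count;
};

/* Constructed sample, the same document as the PHP proof of concept. */
static const char SAMPLE_XML[] = "<?xml version=\"1.0\"?><test><child/></test>";

/* Minimal start-tag scanner for the constructed sample. It is not an XML
 * parser: it recognises "<name", skips the XML declaration and end tags, and
 * applies the clamped skip to each element name it finds. Returns the number
 * of element names collected. */
size_t collect_tag_names(const char *xml, size_t skip, struct tag_list *out)
{
    out->count = 0;
    for (const char *p = xml; (p = strchr(p, '<')) != NULL; p++) {
        if (p[1] == '?' || p[1] == '/' || p[1] == '\0')
            continue; /* declaration, end tag, or truncated input */
        const char *start = p + 1;
        size_t len = strcspn(start, " />\t\r\n");
        if (len == 0 || len >= MAX_NAME || out->count >= MAX_TAGS)
            continue;
        char name[MAX_NAME];
        memcpy(name, start, len);
        name[len] = '\0';
        /* With a skip longer than the name this stores the empty string
         * rather than a slice of whatever follows the name in memory. */
        strcpy(out->names[out->count++], skip_tagstart_checked(name, skip));
    }
    return out->count;
}

int main(void)
{
    struct tag_list tl;
    size_t skips[] = {0, 2, 100};
    for (size_t i = 0; i < sizeof skips / sizeof skips[0]; i++) {
        size_t n = collect_tag_names(SAMPLE_XML, skips[i], &tl);
        printf("skip=%zu:", skips[i]);
        for (size_t j = 0; j < n; j++)
            printf(" \"%s\"", tl.names[j]);
        printf("  (unchecked overrun on \"child\": %zu bytes)\n",
               skip_overrun_bytes("child", skips[i]));
    }
    return 0;
}
```

The clamp is the whole fix: the application still gets a (possibly empty) tag name, but the parser never hands out a pointer beyond the terminator. The overrun helper makes the "does not have to be a crazy high value" point concrete: the distance read past the end is exactly skip minus the tag length, so a skip chosen for long expected names overruns as soon as the input contains a shorter one.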

Workarounds

Don't use XML_OPTION_SKIP_TAGSTART (leave it at its default of 0). If the application needs to strip a fixed prefix from tag names, do it on the names the parser returns rather than through this option.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs