Fix double free in XML reader with XIncludes An XInclude with empty fallback could lead to a double free in xmlTextReaderRead. Found by OSS-Fuzz.

commit: ba589adc2f86c6be9ad7e0d771d4c9b09d059b89 [log] [tgz]
author: Nick Wellnhofer <wellnhofer@aevum.de> Tue Aug 25 23:50:39 2020 +0200
committer: Nick Wellnhofer <wellnhofer@aevum.de> Wed Aug 26 00:22:47 2020 +0200
tree: ad9397709fd91f5dc801969a4fed6f702e5578e2
parent: 6f1470a5d6e3e369fe93f52d5760ba7c947f0cd1 [diff]
diff --git a/xmlreader.c b/xmlreader.c
index 6ae6e92..1ab15ba 100644
--- a/xmlreader.c
+++ b/xmlreader.c

@@ -1491,6 +1491,8 @@
             (reader->node->prev->type != XML_DTD_NODE)) {
 	    xmlNodePtr tmp = reader->node->prev;
 	    if ((tmp->extra & NODE_IS_PRESERVED) == 0) {
+                if (oldnode == tmp)
+                    oldnode = NULL;
 		xmlUnlinkNode(tmp);
 		xmlTextReaderFreeNode(reader, tmp);
 	    }
commit	ba589adc2f86c6be9ad7e0d771d4c9b09d059b89	[log] [tgz]
author	Nick Wellnhofer <wellnhofer@aevum.de>	Tue Aug 25 23:50:39 2020 +0200
committer	Nick Wellnhofer <wellnhofer@aevum.de>	Wed Aug 26 00:22:47 2020 +0200
tree	ad9397709fd91f5dc801969a4fed6f702e5578e2
parent	6f1470a5d6e3e369fe93f52d5760ba7c947f0cd1 [diff]