[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
Fixes a use-after-free if XML Reader if used with DTD validation and
XInclude expansion.
Fixes #604.
diff --git a/xmlreader.c b/xmlreader.c
index 5c37738..1f90330 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1378,6 +1378,7 @@
* Handle XInclude if asked for
*/
if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+ (reader->state != XML_TEXTREADER_BACKTRACK) &&
(reader->node != NULL) &&
(reader->node->type == XML_ELEMENT_NODE) &&
(reader->node->ns != NULL) &&