[CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604.

commit: 92721970884fcc13305cb8e23cdc5f0dd7667c2c [log] [tgz]
author: Nick Wellnhofer <wellnhofer@aevum.de> Sat Oct 14 22:45:54 2023 +0200
committer: Nick Wellnhofer <wellnhofer@aevum.de> Sun Feb 04 14:44:15 2024 +0100
tree: 42e600f846b206e9373bc2088a45bb3f31c74c4b
parent: 8b9b972aaa4970f3983085ad59930614c5f6aa57 [diff]
diff --git a/xmlreader.c b/xmlreader.c
index 5c37738..1f90330 100644
--- a/xmlreader.c
+++ b/xmlreader.c

@@ -1378,6 +1378,7 @@
      * Handle XInclude if asked for
      */
     if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->state != XML_TEXTREADER_BACKTRACK) &&
         (reader->node != NULL) &&
 	(reader->node->type == XML_ELEMENT_NODE) &&
 	(reader->node->ns != NULL) &&
commit	92721970884fcc13305cb8e23cdc5f0dd7667c2c	[log] [tgz]
author	Nick Wellnhofer <wellnhofer@aevum.de>	Sat Oct 14 22:45:54 2023 +0200
committer	Nick Wellnhofer <wellnhofer@aevum.de>	Sun Feb 04 14:44:15 2024 +0100
tree	42e600f846b206e9373bc2088a45bb3f31c74c4b
parent	8b9b972aaa4970f3983085ad59930614c5f6aa57 [diff]