From 31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 9 Nov 2020 17:55:44 +0100
Subject: [PATCH] Avoid call stack overflow with XML reader and recursive
 XIncludes

Don't process XIncludes in the result of another inclusion to avoid
infinite recursion resulting in a call stack overflow.

This is something the XInclude engine shouldn't allow but correct
handling of intra-document includes would require major changes.

Found by OSS-Fuzz.

Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508]
CVE: CVE-2024-25062 #Dependency Patch
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 xmlreader.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xmlreader.c b/xmlreader.c
index 01adf74f4..72e40b032 100644
--- a/xmlreader.c
+++ b/xmlreader.c
@@ -1585,7 +1585,8 @@ node_found:
     /*
      * Handle XInclude if asked for
      */
-    if ((reader->xinclude) && (reader->node != NULL) &&
+    if ((reader->xinclude) && (reader->in_xinclude == 0) &&
+        (reader->node != NULL) &&
 	(reader->node->type == XML_ELEMENT_NODE) &&
 	(reader->node->ns != NULL) &&
 	((xmlStrEqual(reader->node->ns->href, XINCLUDE_NS)) ||
-- 
GitLab