# HG changeset patch
# User Nick Wellnhofer <wellnhofer@aevum.de>
# Date 1612236495 -3600
#      Tue Feb 02 04:28:15 2021 +0100
# Node ID 9e964711d54ae546b75af74a53e8dd5ac477e7ba
# Parent  15225c40cf259b10302f26b88d606fab9cbc5a01
Fix double-free with stylesheets containing entity nodes

Fix broken logic to make sure that entity nodes are deleted from the
stylesheet. Note that stylesheets parsed with XML_PARSE_NOENT, which
is included in XSLT_PARSE_OPTIONS, aren't affected.

Found by OSS-Fuzz.

diff --git a/libxslt/xslt.c b/libxslt/xslt.c
--- a/libxslt/xslt.c
+++ b/libxslt/xslt.c
@@ -3656,12 +3656,8 @@
 	    (!xsltCheckExtURI(style, cur->ns->href))) {
 	    goto skip_children;
 	} else if (cur->children != NULL) {
-	    if ((cur->children->type != XML_ENTITY_DECL) &&
-		(cur->children->type != XML_ENTITY_REF_NODE) &&
-		(cur->children->type != XML_ENTITY_NODE)) {
-		cur = cur->children;
-		continue;
-	    }
+	    cur = cur->children;
+	    continue;
 	}
 
 skip_children:
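Review bot: The unconditional descent at `cur = cur->children; continue;` has no comment explaining why entity children must not be filtered here, and the removed check shows the trap: it tested only the first child's type, so a leading entity node made the walk skip that element's entire child list. I would add above the assignment `/* Always descend, entity children included: they must be visited so the walk can drop them from the stylesheet. */`; going by the commit message, the removal itself happens elsewhere in the loop, which starts and ends outside this hunk. The patch as shown touches only `libxslt/xslt.c`, so a regression stylesheet containing an unexpanded entity reference, parsed without `XML_PARSE_NOENT`, would keep this path covered independently of the fuzzer.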