[libxml2] Fix potential crash on entities errors
- From: Daniel Veillard <veillard src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libxml2] Fix potential crash on entities errors
- Date: Tue, 4 Sep 2012 03:25:49 +0000 (UTC)
commit 28f5e1a2d6d9c1742b7daa305501bbe01a5753ab
Author: Daniel Veillard <veillard redhat com>
Date: Tue Sep 4 11:18:39 2012 +0800
Fix potential crash on entities errors
Related to https://bugs.launchpad.net/lxml/+bug/502959
Basically the core of the issue is that if an entity references another
entity, then in case we are replacing entity content, we should always
do so by copying the referenced content as long as the reference is
done within the entity. Otherwise, if for some reason there is a later
parsing error, that entity's content may be freed.
Complex scenario exposed by command:
thinkpad:~/XML/diveintopython-5.4/xml -> valgrind --db-attach=yes
../../xmllint --loaddtd --noout --noent diveintopython.xml
Document references &a;
a references &b;
we reference b content directly by linking in the a content
a has an error further down
we free a, freeing the chunk from b
Document references &b; after &a;
we try to copy b content, but it was freed already => segfault
* parser.c: never reference directly entity content without copying if
we aren't in the document main entity
parser.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/parser.c b/parser.c
index 9a57b01..4d6a524 100644
--- a/parser.c
+++ b/parser.c
@@ -7396,7 +7396,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
if (ent->etype == XML_EXTERNAL_GENERAL_PARSED_ENTITY)
xmlAddEntityReference(ent, firstChild, nw);
#endif /* LIBXML_LEGACY_ENABLED */
- } else if (list == NULL) {
+ } else if ((list == NULL) || (ctxt->inputNr > 0)) {
xmlNodePtr nw = NULL, cur, next, last,
firstChild = NULL;
/*
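Review bot: the new `(ctxt->inputNr > 0)` test needs to be checked against the stated intent ("never reference directly entity content without copying if we aren't in the document main entity"). If `inputNr` is already 1 while the main document entity is being parsed, the condition is true for every reference and the direct-linking branch is never taken, which turns the change into an unconditional copy rather than the targeted fix the message describes; if the nested-entity case is `inputNr > 1`, the comparison should say so, and a one-line comment above the `else if` stating which value corresponds to the main entity would make the intent reviewable. The hunk is also cut off at the opening `/*`, so the branch that copies `list` into `nw`/`firstChild` is not visible here and the review cannot confirm that the copied nodes are released on the later-error path described in the message.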