[libxml2] Fix exponential behavior with recursive entities



commit c3fd8c429591e06eb847c11bc9273d13b3450d53
Author: Nick Wellnhofer <wellnhofer aevum de>
Date:   Sat Mar 13 17:19:32 2021 +0100

    Fix exponential behavior with recursive entities
    
    Fix another case where only recursion depth was limited, but entities
    would still be expanded over and over again.
    
    The test case discovered by fuzzing only affected parsing in recovery
    mode with XML_PARSE_RECOVER.
    
    Found by OSS-Fuzz.

 parser.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/parser.c b/parser.c
index efde672f..b42e6043 100644
--- a/parser.c
+++ b/parser.c
@@ -2684,8 +2684,10 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
                rep = xmlStringDecodeEntities(ctxt, ent->content, what,
                                              0, 0, 0);
                ctxt->depth--;
-               if (rep == NULL)
+               if (rep == NULL) {
+                    ent->content[0] = 0;
                     goto int_error;
+                }
 
                 current = rep;
                 while (*current != 0) { /* non input consuming loop */
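Review bot: The added `ent->content[0] = 0;` runs on every NULL return from xmlStringDecodeEntities, not only on the entity-loop and depth failures the commit message describes, so any other failure in the nested decode (presumably an allocation failure, for example) would also blank the entity for every later reference. The second hunk has the same shape. The in-place truncation is also uncommented, so a reader cannot tell that it is the loop breaker rather than cleanup; I would add `/* Blank the entity so a failed expansion is not retried on each later reference. */` above it. It is also worth checking whether any length stored alongside the entity content should be reset with it. The enclosing branch starts outside the hunk, so these lines do not show whether ent->content is guaranteed non-NULL at this unguarded write.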
@@ -2740,8 +2742,11 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
                rep = xmlStringDecodeEntities(ctxt, ent->content, what,
                                              0, 0, 0);
                ctxt->depth--;
-               if (rep == NULL)
+               if (rep == NULL) {
+                    if (ent->content != NULL)
+                        ent->content[0] = 0;
                     goto int_error;
+                }
                 current = rep;
                 while (*current != 0) { /* non input consuming loop */
                     buffer[nbchars++] = *current++;
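Review bot: The `if (ent->content != NULL)` guard implies content can be NULL on this path, yet the same pointer is passed to xmlStringDecodeEntities a few lines earlier with no check, and nothing says which case leaves it unset. That makes the difference from the unguarded write in the first hunk look accidental. A short comment at the guard would settle it, for example `/* content may be NULL on this path (to be confirmed: entity content never loaded) */`, with wording adjusted to the real cause. The code that decides whether content is populated lies outside the hunk, so the exact condition cannot be confirmed from these lines.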

