--- /dev/null
+libxslt-1.1.32: Fix handling of RVTs returned from nested EXSLT functions
+
+[No upstream tracking] -- https://bugzilla.gnome.org/show_bug.cgi?id=792580
+
+Set the context variable to NULL when evaluating EXSLT functions.
+Fixes potential use-after-free errors or memory leaks.
+
+Upstream-Status: Backport [https://git.gnome.org/browse/libxslt/commit/?id=8bd32f7753ac253a54279a0b6a88d15a57076bb0]
+bug: 792580
+Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
+
+diff --git a/libexslt/functions.c b/libexslt/functions.c
+index dc794e3..8511cb0 100644
+--- a/libexslt/functions.c
++++ b/libexslt/functions.c
+@@ -280,6 +280,7 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+ exsltFuncFunctionData *func;
+ xmlNodePtr paramNode, oldInsert, fake;
+ int oldBase;
++ void *oldCtxtVar;
+ xsltStackElemPtr params = NULL, param;
+ xsltTransformContextPtr tctxt = xsltXPathGetTransformContext(ctxt);
+ int i, notSet;
+@@ -418,11 +419,14 @@ exsltFuncFunctionFunction (xmlXPathParserContextPtr ctxt, int nargs) {
+ fake = xmlNewDocNode(tctxt->output, NULL,
+ (const xmlChar *)"fake", NULL);
+ oldInsert = tctxt->insert;
++ oldCtxtVar = tctxt->contextVariable;
+ tctxt->insert = fake;
++ tctxt->contextVariable = NULL;
+ xsltApplyOneTemplate (tctxt, tctxt->node,
+ func->content, NULL, NULL);
+ xsltLocalVariablePop(tctxt, tctxt->varsBase, -2);
+ tctxt->insert = oldInsert;
++ tctxt->contextVariable = oldCtxtVar;
+ tctxt->varsBase = oldBase; /* restore original scope */
+ if (params != NULL)
+ xsltFreeStackElemList(params);
+diff --git a/tests/docs/bug-209.xml b/tests/docs/bug-209.xml
+new file mode 100644
+index 0000000..69d62f2
+--- /dev/null
++++ b/tests/docs/bug-209.xml
+@@ -0,0 +1 @@
++<doc/>
+diff --git a/tests/general/bug-209.out b/tests/general/bug-209.out
+new file mode 100644
+index 0000000..e829790
+--- /dev/null
++++ b/tests/general/bug-209.out
+@@ -0,0 +1,2 @@
++<?xml version="1.0"?>
++<result/>
+diff --git a/tests/general/bug-209.xsl b/tests/general/bug-209.xsl
+new file mode 100644
+index 0000000..fe69ac6
+--- /dev/null
++++ b/tests/general/bug-209.xsl
+@@ -0,0 +1,21 @@
++<xsl:stylesheet
++ version="1.0"
++ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
++ xmlns:func="http://exslt.org/functions"
++ extension-element-prefixes="func">
++
++ <xsl:template match="/">
++ <xsl:variable name="v" select="func:a()" />
++ <xsl:copy-of select="$v"/>
++ </xsl:template>
++
++ <func:function name="func:a">
++ <func:result select="func:b()" />
++ </func:function>
++
++ <func:function name="func:b">
++ <func:result>
++ <result/>
++ </func:result>
++ </func:function>
++</xsl:stylesheet>
