Index: libxml2-2.6.32/parser.c
===================================================================
--- libxml2-2.6.32.orig/parser.c
+++ libxml2-2.6.32/parser.c
@@ -2381,7 +2381,11 @@ xmlStringLenDecodeEntities(xmlParserCtxt
 		xmlGenericError(xmlGenericErrorContext,
 			"String decoding Entity Reference: %.30s\n",
 			str);
+	    ctxt->depth += 3;
 	    ent = xmlParseStringEntityRef(ctxt, &str);
+	    ctxt->depth -= 3;
+	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
+	        goto int_error;
 	    if ((ent != NULL) &&
 		(ent->etype == XML_INTERNAL_PREDEFINED_ENTITY)) {
 		if (ent->content != NULL) {
@@ -2394,10 +2398,10 @@ xmlStringLenDecodeEntities(xmlParserCtxt
 			    "predefined entity has no content\n");
 		}
 	    } else if ((ent != NULL) && (ent->content != NULL)) {
-		ctxt->depth++;
+		ctxt->depth += 3;
 		rep = xmlStringDecodeEntities(ctxt, ent->content, what,
 			                      0, 0, 0);
-		ctxt->depth--;
+		ctxt->depth -= 3;
 		if (rep != NULL) {
 		    current = rep;
 		    while (*current != 0) { /* non input consuming loop */
@@ -2432,10 +2436,10 @@ xmlStringLenDecodeEntities(xmlParserCtxt
 		    if (xmlLoadEntityContent(ctxt, ent) < 0) {
 		    }
 		}
-		ctxt->depth++;
+		ctxt->depth += 3;
 		rep = xmlStringDecodeEntities(ctxt, ent->content, what,
 			                      0, 0, 0);
-		ctxt->depth--;
+		ctxt->depth -= 3;
 		if (rep != NULL) {
 		    current = rep;
 		    while (*current != 0) { /* non input consuming loop */
@@ -2466,6 +2470,7 @@ xmlStringLenDecodeEntities(xmlParserCtxt
 
 mem_error:
     xmlErrMemory(ctxt, NULL);
+int_error:
     if (rep != NULL)
         xmlFree(rep);
     if (buffer != NULL)