Revert "Fix quadratic runtime in xi:fallback processing"

This reverts commit 27119ec33c.

Not copying fallback children didn't fix up namespaces and could lead
to use-after-free errors.

Found by OSS-Fuzz.

xinclude.c

@@ -1984,7 +1984,8 @@ xmlXIncludeLoadFallback(xmlXIncludeCtxtPtr ctxt, xmlNodePtr fallback, int nr) {
 	    ret = -1;
 	xmlXIncludeFreeContext(newctxt);
 
-	ctxt->incTab[nr]->inc = fallback->children;
+	ctxt->incTab[nr]->inc = xmlDocCopyNodeList(ctxt->doc,
+	                                           fallback->children);
     } else {
         ctxt->incTab[nr]->inc = NULL;
     }
@@ -2240,6 +2241,12 @@ xmlXIncludeIncludeNode(xmlXIncludeCtxtPtr ctxt, int nr) {
         if (ctxt->incTab[nr]->fallback)
             xmlUnsetProp(cur, BAD_CAST "href");
 	cur->type = XML_XINCLUDE_START;
+        /* Remove fallback children */
+        for (child = cur->children; child != NULL; child = next) {
+            next = child->next;
+            xmlUnlinkNode(child);
+            xmlFreeNode(child);
+        }
 	end = xmlNewDocNode(cur->doc, cur->ns, cur->name, NULL);
 	if (end == NULL) {
 	    xmlXIncludeErr(ctxt, ctxt->incTab[nr]->ref,
@@ -2255,16 +2262,10 @@ xmlXIncludeIncludeNode(xmlXIncludeCtxtPtr ctxt, int nr) {
 	 * Add the list of nodes
 	 */
 	while (list != NULL) {
-	    next = list->next;
+	    cur = list;
-	    xmlAddPrevSibling(end, list);
+	    list = list->next;
-	    list = next;
-	}
 
-        /* Remove fallback node */
+	    xmlAddPrevSibling(end, cur);
-        for (child = cur->children; child != NULL; child = next) {
-            next = child->next;
-            xmlUnlinkNode(child);
-            xmlFreeNode(child);
 	}
     }