Memory leak in xmlFreeTextReader
In error cases, there might still be elements in the vstate table. Since vstateVPop in valid.c is private, we have to pop the elements with xmlValidatePopElement. This inspects nodes of the document, so the reader doc must be freed after the clearing the vstate table. Found by OSS-Fuzz.