Commit 20866b3

committed
Merge branch 'PHP-8.2' into PHP-8.3
2 parents df37671 + 2edf12e commit 20866b3

2 files changed

+57
-24
lines changed

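--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -1493,6 +1493,35 @@ static void sxe_add_namespaces(php_sxe_object *sxe, xmlNodePtr node, bool recurs
 }
 } /* }}} */
 
+static inline void sxe_object_free_iterxpath(php_sxe_object *sxe)
+{
+if (!Z_ISUNDEF(sxe->iter.data)) {
+zval_ptr_dtor(&sxe->iter.data);
+ZVAL_UNDEF(&sxe->iter.data);
+}
+
+if (sxe->iter.name) {
+efree(sxe->iter.name);
+sxe->iter.name = NULL;
+}
+if (sxe->iter.nsprefix) {
+efree(sxe->iter.nsprefix);
+sxe->iter.nsprefix = NULL;
+}
+if (!Z_ISUNDEF(sxe->tmp)) {
+zval_ptr_dtor(&sxe->tmp);
+ZVAL_UNDEF(&sxe->tmp);
+}
+
+php_libxml_node_decrement_resource((php_libxml_node_object *)sxe);
+
+if (sxe->xpath) {
+xmlXPathFreeContext(sxe->xpath);
+sxe->xpath = NULL;
+}
+}
+
+
 /* {{{ Return all namespaces in use */
 PHP_METHOD(SimpleXMLElement, getNamespaces)
 {
@@ -2149,29 +2178,7 @@ static void sxe_object_free_storage(zend_object *object)
 
 zend_object_std_dtor(&sxe->zo);
 
-if (!Z_ISUNDEF(sxe->iter.data)) {
-zval_ptr_dtor(&sxe->iter.data);
-ZVAL_UNDEF(&sxe->iter.data);
-}
-
-if (sxe->iter.name) {
-efree(sxe->iter.name);
-sxe->iter.name = NULL;
-}
-if (sxe->iter.nsprefix) {
-efree(sxe->iter.nsprefix);
-sxe->iter.nsprefix = NULL;
-}
-if (!Z_ISUNDEF(sxe->tmp)) {
-zval_ptr_dtor(&sxe->tmp);
-ZVAL_UNDEF(&sxe->tmp);
-}
-
-php_libxml_node_decrement_resource((php_libxml_node_object *)sxe);
-
-if (sxe->xpath) {
-xmlXPathFreeContext(sxe->xpath);
-}
+sxe_object_free_iterxpath(sxe);
 
 if (sxe->properties) {
 zend_hash_destroy(sxe->properties);
@@ -2371,11 +2378,12 @@ PHP_METHOD(SimpleXMLElement, __construct)
 PHP_LIBXML_RESTORE_GLOBALS(read_file_or_memory);
 
 if (!docp) {
-((php_libxml_node_object *)sxe)->document = NULL;
 zend_throw_exception(zend_ce_exception, "String could not be parsed as XML", 0);
 RETURN_THROWS();
 }
 
+sxe_object_free_iterxpath(sxe);
+
 sxe->iter.nsprefix = ns_len ? (xmlChar*)estrdup(ns) : NULL;
 sxe->iter.isprefix = isprefix;
 php_libxml_increment_doc_ref((php_libxml_node_object *)sxe, docp);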
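Review bot: On the successful re-construct path in `__construct`, only the state covered by `sxe_object_free_iterxpath()` is released, and `sxe->properties` is not part of it: the `sxe_object_free_storage` hunk still destroys that table separately after the helper call. If that table can hold data tied to the previous document (not visible here), it would survive a second `__construct`, so either clear it before the `sxe->iter.nsprefix` assignment or say in a comment that it is kept on purpose. The helper now also runs more than once over an object's lifetime, and the later destructor call is safe only because each field is reset, including the newly added `sxe->xpath = NULL;`; whether `php_libxml_node_decrement_resource()` tolerates a repeated call cannot be seen from this page. A header comment such as `/* Releases iterator, tmp, node and XPath state and resets each field, so a repeated call is a no-op. */` would pin that contract. Both `sxe_object_free_storage` and `__construct` continue outside the hunks shown.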

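--- a/ext/simplexml/tests/gh14638.phpt
+++ b/ext/simplexml/tests/gh14638.phpt
@@ -0,0 +1,25 @@
+--TEST--
+GH-14638: null pointer dereference on object cast __toString after failed XML parsing
+--EXTENSIONS--
+simplexml
+--CREDITS--
+YuanchengJiang
+--FILE--
+<?php
+$xml = '<?xml version="1.0" encoding="utf-8" ?>
+<test>
+</test>';
+$root = simplexml_load_string($xml);
+try {
+$root->__construct("malformed");
+} catch (Exception $e) {
+// Intentionally empty
+}
+echo $root;
+?>
+--EXPECTF--
+Warning: SimpleXMLElement::__construct(): Entity: line 1: parser error : Start tag expected, '<' not found in %s on line %d
+
+Warning: SimpleXMLElement::__construct(): malformed in %s on line %d
+
+Warning: SimpleXMLElement::__construct(): ^ in %s on line %d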
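Review bot: This test drives only the failing re-construct, so the new `sxe_object_free_iterxpath(sxe);` call on the success path of `__construct` is never reached: `$root->__construct("malformed")` throws before it. A second case that calls `__construct` again with well-formed XML on an object that has already been used, then echoes it, would put the release-and-reinitialise path under the leak checker and sanitizer runs, for example `$root->__construct('<a>ok</a>'); echo $root;` (constructed sample). The empty `catch` also hides which exception was thrown; echoing `$e->getMessage()` and adding `String could not be parsed as XML` to `--EXPECTF--` would pin the failure path as well.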
