From 9853aac880338ef1a0227191b40ce3c92c21a0bd Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Tue, 30 Apr 2024 21:09:29 +0200
Subject: [PATCH] Fix crash when calling childNodes next() when iterator is
 exhausted

---
 ext/dom/dom_iterators.c                     |  3 +--
 ext/dom/tests/childNodes_current_crash.phpt | 25 +++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 ext/dom/tests/childNodes_current_crash.phpt

diff --git a/ext/dom/dom_iterators.c b/ext/dom/dom_iterators.c
index 72c97104db04..670f08a679f2 100644
--- a/ext/dom/dom_iterators.c
+++ b/ext/dom/dom_iterators.c
@@ -147,8 +147,7 @@ static int php_dom_iterator_valid(zend_object_iterator *iter) /* {{{ */
 zval *php_dom_iterator_current_data(zend_object_iterator *iter) /* {{{ */
 {
 	php_dom_iterator *iterator = (php_dom_iterator *)iter;
-
-	return &iterator->curobj;
+	return Z_ISUNDEF(iterator->curobj) ? NULL : &iterator->curobj;
 }
 /* }}} */
 
diff --git a/ext/dom/tests/childNodes_current_crash.phpt b/ext/dom/tests/childNodes_current_crash.phpt
new file mode 100644
index 000000000000..aa93cf33a648
--- /dev/null
+++ b/ext/dom/tests/childNodes_current_crash.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Crash in childNodes iterator current()
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+
+$dom = new DOMDocument;
+$dom->loadXML('<foo>foo1</foo>');
+
+$nodes = $dom->documentElement->childNodes;
+$iter = $nodes->getIterator();
+
+var_dump($iter->valid());
+var_dump($iter->current()?->wholeText);
+$iter->next();
+var_dump($iter->valid());
+var_dump($iter->current()?->wholeText);
+
+?>
+--EXPECT--
+bool(true)
+string(4) "foo1"
+bool(false)
+NULL