From ca1f0f7ba9ccd1fa88830ff4ed3a1c126b33e1de Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 28 Jul 2024 13:37:31 +0200 Subject: [PATCH] Fix GH-15137: Unexpected null pointer in Zend/zend_smart_str.h This regressed when I optimized $wholeText. The previous code used xmlStrcat which implicitly checked for a NULL argument, but now it's a direct memcpy which you shouldn't pass null pointers to, although it won't result in a crash because memcpy doesn't do anything if the length is 0. --- ext/dom/tests/gh15137.phpt | 11 +++++++++++ ext/dom/text.c | 4 +++- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 ext/dom/tests/gh15137.phpt diff --git a/ext/dom/tests/gh15137.phpt b/ext/dom/tests/gh15137.phpt new file mode 100644 index 0000000000000..c5ce1aca75be1 --- /dev/null +++ b/ext/dom/tests/gh15137.phpt @@ -0,0 +1,11 @@ +--TEST-- +GH-15137: Unexpected null pointer in Zend/zend_smart_str.h +--EXTENSIONS-- +dom +--FILE-- +wholeText); +?> +--EXPECT-- +string(0) "" + diff --git a/ext/dom/text.c b/ext/dom/text.c index fe0cc8cd5a5c5..ca8fcf63d3aca 100644 --- a/ext/dom/text.c +++ b/ext/dom/text.c @@ -77,7 +77,9 @@ zend_result dom_text_whole_text_read(dom_object *obj, zval *retval) /* concatenate all adjacent text and cdata nodes */ while (node && ((node->type == XML_TEXT_NODE) || (node->type == XML_CDATA_SECTION_NODE))) { - smart_str_appends(&str, (const char *) node->content); + if (node->content) { + smart_str_appends(&str, (const char *) node->content); + } node = node->next; }