From 8cc94d1bef37ed6d7c3dca8e6bf3bf3286d3b93c Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 24 Aug 2024 17:07:19 +0200
Subject: [PATCH] Fix GH-15570: Segmentation fault (access null pointer) in ext/dom/html5_serializer.c
---
 ext/dom/html5_serializer.c | 4 ++--
 ext/dom/tests/gh15570.phpt | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 ext/dom/tests/gh15570.phpt
diff --git a/ext/dom/html5_serializer.c b/ext/dom/html5_serializer.c
index 3970fb059c1c..f0048aa4aae8 100644
--- a/ext/dom/html5_serializer.c
+++ b/ext/dom/html5_serializer.c
@@ -137,8 +137,8 @@ static zend_result dom_html5_serialize_text_node(dom_html5_serialize_context *ct
 return SUCCESS;
 }

- if (node->parent->type == XML_ELEMENT_NODE && php_dom_ns_is_fast(node->parent, php_dom_ns_is_html_magic_token)) {
- const xmlNode *parent = node->parent;
+ const xmlNode *parent = node->parent;
+ if (parent != NULL && parent->type == XML_ELEMENT_NODE && php_dom_ns_is_fast(parent, php_dom_ns_is_html_magic_token)) {
 size_t name_length = strlen((const char *) parent->name);
 /* Spec tells us to only emit noscript content as-is if scripting is enabled.
 * However, the user agent (PHP) does not support (JS) scripting.
diff --git a/ext/dom/tests/gh15570.phpt b/ext/dom/tests/gh15570.phpt
new file mode 100644
index 000000000000..f2337cca2259
--- /dev/null
+++ b/ext/dom/tests/gh15570.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-15570 (Segmentation fault (access null pointer) in ext/dom/html5_serializer.c)
+--CREDITS--
+YuanchengJiang
+--EXTENSIONS--
+dom
+--FILE--
+
+
+HTML;
+$dom = Dom\HTMLDocument::createFromString($html, LIBXML_NOERROR);
+$a = $dom->head->firstChild->cloneNode(false);
+var_dump($dom->saveHTML($a));
+?>
+--EXPECT--
+string(1) "
+"
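Review bot: The new `parent != NULL` test in dom_html5_serialize_text_node has no comment saying when a text node reaches the serializer without a parent, so the guard reads as arbitrary defensive code that a later cleanup could remove. The added test suggests the case is a detached clone handed to saveHTML(); I would put `/* A detached node (e.g. a clone passed to saveHTML()) has no parent. */` above `const xmlNode *parent = node->parent;`. The function body continues past the end of the hunk, so the path a parentless node takes is not visible here; presumably it falls through to the escaping branch, which is the safe default, but that is worth confirming. Other helpers in this file that the hunk does not show may dereference `node->parent` the same way and deserve the same check.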
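Review bot: The expected output in gh15570.phpt is a single newline, so the test shows that serializing the detached node no longer crashes but says nothing about how its text is encoded. Assuming the cloned node is a text node, a second case whose text contains `&` or `<` would pin that a parentless text node is escaped rather than emitted as-is. The heredoc content is not readable in this view, so this is inferred from the `--EXPECT--` section alone.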