From 61f704f26990326a86d925e1374093e9b2e2bed2 Mon Sep 17 00:00:00 2001 From: Gina Peter Banyard Date: Mon, 17 Mar 2025 14:12:11 +0000 Subject: [PATCH] ext/libxml: Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message Closes GH-18096 --- NEWS | 4 ++++ ext/libxml/libxml.c | 19 ++++++++++++------- ...nal_entity_loader_error_callback_name.phpt | 2 +- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index 774058d2537..71430bc20b0 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,10 @@ PHP NEWS . Fixed GH-18243 imagettftext() overflow/underflow on font size value. (David Carlier) +- libxml: + . Fixed custom external entity loader returning an invalid resource leading + to a confusing TypeError message. (Girgias) + - OpenSSL: . Fix memory leak in openssl_sign() when passing invalid algorithm. (nielsdos) diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c index 18ca51e36a0..5c903d2c9a2 100644 --- a/ext/libxml/libxml.c +++ b/ext/libxml/libxml.c @@ -793,13 +793,18 @@ static xmlParserInputPtr _php_libxml_external_entity_loader(const char *URL, is_string: resource = Z_STRVAL(retval); } else if (Z_TYPE(retval) == IS_RESOURCE) { - php_stream *stream; - php_stream_from_zval_no_verify(stream, &retval); - if (stream == NULL) { - php_libxml_ctx_error(context, - "The user entity loader callback '%s' has returned a " - "resource, but it is not a stream", - ZSTR_VAL(LIBXML(entity_loader_callback).function_handler->common.function_name)); + php_stream *stream = (php_stream*)zend_fetch_resource2_ex(&retval, NULL, php_file_le_stream(), php_file_le_pstream()); + if (UNEXPECTED(stream == NULL)) { + zval callable; + zend_get_callable_zval_from_fcc(&LIBXML(entity_loader_callback), &callable); + zend_string *callable_name = zend_get_callable_name(&callable); + zend_string *func_name = get_active_function_or_method_name(); + zend_type_error( + "%s(): The user entity loader callback \"%s\" has returned a resource, but it is not a stream", + ZSTR_VAL(func_name), ZSTR_VAL(callable_name)); + zend_string_release(func_name); + zend_string_release(callable_name); + zval_ptr_dtor(&callable); } else { /* TODO: allow storing the encoding in the stream context? */ xmlCharEncoding enc = XML_CHAR_ENCODING_NONE; diff --git a/ext/libxml/tests/libxml_get_external_entity_loader_error_callback_name.phpt b/ext/libxml/tests/libxml_get_external_entity_loader_error_callback_name.phpt index 1bdbbfb5b81..2122785ef5b 100644 --- a/ext/libxml/tests/libxml_get_external_entity_loader_error_callback_name.phpt +++ b/ext/libxml/tests/libxml_get_external_entity_loader_error_callback_name.phpt @@ -40,4 +40,4 @@ $file = __DIR__ . '/db.dba'; unlink($file); ?> --EXPECT-- -string(73) "DOMDocument::validate(): supplied resource is not a valid stream resource" +string(122) "DOMDocument::validate(): The user entity loader callback "Handler::handle" has returned a resource, but it is not a stream"