diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c index ea0a321fc37..02620fde9e2 100644 --- a/ext/simplexml/simplexml.c +++ b/ext/simplexml/simplexml.c @@ -415,8 +415,6 @@ long_dim: GET_NODE(sxe, node); - php_libxml_invalidate_node_list_cache_from_doc(node->doc); - if (sxe->iter.type == SXE_ITER_ATTRLIST) { attribs = 1; elements = 0; @@ -477,6 +475,8 @@ long_dim: } if (node) { + php_libxml_invalidate_node_list_cache_from_doc(node->doc); + if (attribs) { if (Z_TYPE_P(member) == IS_LONG) { while (attr && nodendx <= Z_LVAL_P(member)) { @@ -619,6 +619,9 @@ static zval *sxe_property_get_adr(zend_object *object, zend_string *zname, int f sxe = php_sxe_fetch_object(object); GET_NODE(sxe, node); + if (UNEXPECTED(!node)) { + return &EG(error_zval); + } name = ZSTR_VAL(zname); node = sxe_get_element_by_name(sxe, node, name, &type); if (node) { @@ -788,8 +791,6 @@ static void sxe_prop_dim_delete(zend_object *object, zval *member, bool elements GET_NODE(sxe, node); - php_libxml_invalidate_node_list_cache_from_doc(node->doc); - if (Z_TYPE_P(member) == IS_LONG) { if (sxe->iter.type != SXE_ITER_ATTRLIST) { attribs = 0; @@ -813,6 +814,8 @@ static void sxe_prop_dim_delete(zend_object *object, zval *member, bool elements } if (node) { + php_libxml_invalidate_node_list_cache_from_doc(node->doc); + if (attribs) { if (Z_TYPE_P(member) == IS_LONG) { int nodendx = 0; @@ -1639,8 +1642,6 @@ PHP_METHOD(SimpleXMLElement, addChild) sxe = Z_SXEOBJ_P(ZEND_THIS); GET_NODE(sxe, node); - php_libxml_invalidate_node_list_cache_from_doc(node->doc); - if (sxe->iter.type == SXE_ITER_ATTRLIST) { php_error_docref(NULL, E_WARNING, "Cannot add element to attributes"); return; @@ -1653,6 +1654,8 @@ PHP_METHOD(SimpleXMLElement, addChild) return; } + php_libxml_invalidate_node_list_cache_from_doc(node->doc); + localname = xmlSplitQName2((xmlChar *)qname, &prefix); if (localname == NULL) { localname = xmlStrdup((xmlChar *)qname); 
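Review bot: The three relocated `php_libxml_invalidate_node_list_cache_from_doc(node->doc);` calls have no comment saying why they must stay behind the NULL check, so a later cleanup could hoist them back next to `GET_NODE` and reintroduce the NULL dereference on an uninitialized object. They sit in the `if (node) {` blocks of the hunks at new lines 475 and 814 and after the early `return` in `SimpleXMLElement::addChild`. I would put `/* node may be NULL for an uninitialized object: only touch node->doc after the check */` above each call. In `addChild` the condition guarding the preceding `return` lies outside the hunk, so confirm it really is the NULL test on `node`. The tests visible in this diff appear to cover only the write and property-address paths, so a case for `unset()` and `addChild()` on an object created without its constructor would pin the other two hunks.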
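Review bot: The new `if (UNEXPECTED(!node))` guard in `sxe_property_get_adr` returns `&EG(error_zval)` without noting that an error is already pending, so the early return reads like a silent failure. A one-line comment such as `/* GET_NODE already threw; return the error zval rather than passing NULL to sxe_get_element_by_name() */` would document the contract. `GET_NODE` is defined outside this diff, so the claim that it throws is inferred from the expected output of get_prop_address_not_initialized.phpt. The function body starts and ends outside the hunk.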
diff --git a/ext/simplexml/tests/get_prop_address_not_initialized.phpt b/ext/simplexml/tests/get_prop_address_not_initialized.phpt new file mode 100644 index 00000000000..e6f07405b9b --- /dev/null +++ b/ext/simplexml/tests/get_prop_address_not_initialized.phpt @@ -0,0 +1,17 @@ +--TEST-- +Getting the address of an uninitialized property of a SimpleXMLElement +--EXTENSIONS-- +simplexml +--FILE-- +newInstanceWithoutConstructor(); +$sxe->a['b'] = 'b'; + +?> +--EXPECTF-- +Fatal error: Uncaught Error: SimpleXMLElement is not properly initialized in %s:%d +Stack trace: +#0 {main} + thrown in %s on line %d diff --git a/ext/simplexml/tests/gh12929.phpt b/ext/simplexml/tests/gh12929.phpt new file mode 100644 index 00000000000..2ae89346dba --- /dev/null +++ b/ext/simplexml/tests/gh12929.phpt @@ -0,0 +1,29 @@ +--TEST-- +GH-12929 (SimpleXMLElement with stream_wrapper_register can segfault) +--EXTENSIONS-- +simplexml +--FILE-- +getMessage(), "\n"; + echo $e->getPrevious()->getMessage(), "\n"; +} + +$scheme = "foo2"; +stream_wrapper_register($scheme, "SimpleXMLElement"); +try { + file_get_contents($scheme . "://x"); +} catch (Error $e) { + echo $e->getMessage(), "\n"; + echo $e->getPrevious()->getMessage(), "\n"; +} +?> +--EXPECT-- +It's not possible to assign a complex type to properties, resource given +SimpleXMLElement is not properly initialized +It's not possible to assign a complex type to properties, resource given +SimpleXMLElement is not properly initialized diff --git a/sapi/phpdbg/phpdbg_prompt.c b/sapi/phpdbg/phpdbg_prompt.c index 41ef0ac4f1c..c60e52048eb 100644 --- a/sapi/phpdbg/phpdbg_prompt.c +++ b/sapi/phpdbg/phpdbg_prompt.c @@ -363,7 +363,7 @@ void phpdbg_init(char *init_file, size_t init_file_len, bool use_default) /* {{{ } ZEND_IGNORE_VALUE(asprintf(&init_file, "%s/%s", scan_dir, PHPDBG_INIT_FILENAME)); - phpdbg_try_file_init(init_file, strlen(init_file), 1); + phpdbg_try_file_init(init_file, strlen(init_file), 0); free(init_file); if (i == -1) { break; 
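Review bot: The `asprintf()` result in `phpdbg_init` is still discarded through `ZEND_IGNORE_VALUE`, so on allocation failure `init_file` is left unspecified and the next two lines pass it to `strlen()` and `free()`. Checking the return value, e.g. `if (asprintf(&init_file, "%s/%s", scan_dir, PHPDBG_INIT_FILENAME) < 0) { break; }`, closes that path. Whether `break` or skipping the entry is the right reaction depends on loop code outside the hunk. The changed third argument is a bare `0`, and judging by the title of gh12962.phpt it selects whether the callee frees the buffer. A short `/* init_file is freed by the caller below */` beside it would keep the ownership rule visible.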
diff --git a/sapi/phpdbg/tests/gh12962.phpt b/sapi/phpdbg/tests/gh12962.phpt new file mode 100644 index 00000000000..c5cf9425d7c --- /dev/null +++ b/sapi/phpdbg/tests/gh12962.phpt @@ -0,0 +1,13 @@ +--TEST-- +GH-12962 (Double free of init_file in phpdbg_prompt.c) +--SKIPIF-- + +--FILE-- + +--EXPECT-- +Executed .phpdbginit diff --git a/sapi/phpdbg/tests/gh12962/.phpdbginit b/sapi/phpdbg/tests/gh12962/.phpdbginit new file mode 100644 index 00000000000..29184ddf7c8 --- /dev/null +++ b/sapi/phpdbg/tests/gh12962/.phpdbginit @@ -0,0 +1,2 @@ +ev "Executed .phpdbginit" +q