From 793f6321e792da8c1d948ba411b6b70f5129f63d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 23 Aug 2024 08:56:06 +0200
Subject: [PATCH] Fix NULL pointer dereference with NULL content in legacy
 nodes (#15546)

---
 ext/dom/html5_serializer.c                    |  8 +++++++-
 .../html/serializer/legacy_null_content.phpt  | 20 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 ext/dom/tests/modern/html/serializer/legacy_null_content.phpt

diff --git a/ext/dom/html5_serializer.c b/ext/dom/html5_serializer.c
index c87d3480a5f..3970fb059c1 100644
--- a/ext/dom/html5_serializer.c
+++ b/ext/dom/html5_serializer.c
@@ -42,7 +42,9 @@ static zend_result dom_html5_serialize_doctype(dom_html5_serialize_context *ctx,
 static zend_result dom_html5_serialize_comment(dom_html5_serialize_context *ctx, const xmlNode *node)
 {
 	TRY(ctx->write_string_len(ctx->application_data, "<!--", strlen("<!--")));
-	TRY(ctx->write_string(ctx->application_data, (const char *) node->content));
+	if (node->content) {
+		TRY(ctx->write_string(ctx->application_data, (const char*) node->content));
+	}
 	return ctx->write_string_len(ctx->application_data, "-->", strlen("-->"));
 }
 
@@ -131,6 +133,10 @@ static zend_result dom_html5_escape_string(dom_html5_serialize_context *ctx, con
 
 static zend_result dom_html5_serialize_text_node(dom_html5_serialize_context *ctx, const xmlNode *node)
 {
+	if (!node->content) {
+		return SUCCESS;
+	}
+
 	if (node->parent->type == XML_ELEMENT_NODE && php_dom_ns_is_fast(node->parent, php_dom_ns_is_html_magic_token)) {
 		const xmlNode *parent = node->parent;
 		size_t name_length = strlen((const char *) parent->name);
diff --git a/ext/dom/tests/modern/html/serializer/legacy_null_content.phpt b/ext/dom/tests/modern/html/serializer/legacy_null_content.phpt
new file mode 100644
index 00000000000..eaedfbe2323
--- /dev/null
+++ b/ext/dom/tests/modern/html/serializer/legacy_null_content.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Serialize legacy nodes with NULL content
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+$dom = Dom\HTMLDocument::createEmpty();
+$root = $dom->appendChild($dom->createElement('html'));
+
+$root->appendChild($dom->importLegacyNode(new DOMText));
+$root->appendChild($dom->importLegacyNode(new DOMComment));
+$root->appendChild($dom->importLegacyNode(new DOMProcessingInstruction('target')));
+$root->appendChild($dom->importLegacyNode(new DOMCdataSection('')));
+
+echo $dom->saveHTML(), "\n";
+echo $dom->documentElement->innerHTML, "\n";
+?>
+--EXPECT--
+<html><!----><?target ></html>
+<!----><?target >