From 8ad59157561fc2db26f437049cfd3342f36e6ff7 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+ndossche@users.noreply.github.com>
Date: Wed, 12 Nov 2025 22:07:11 +0100
Subject: [PATCH] dom: Fix missing NUL byte check on C14NFile()

Closes GH-20466.
---
 NEWS           | 3 +++
 ext/dom/node.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 7d0fc8ce630..21b31fb93ef 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fix crashes when trying to instantiate uninstantiable classes via date
     static constructors. (ndossche)
 
+- DOM:
+  . Fix missing NUL byte check on C14NFile(). (ndossche)
+
 - Opcache:
   . Fixed bug GH-20329 (opcache.file_cache broken with full interned string
     buffer). (Arnaud)
diff --git a/ext/dom/node.c b/ext/dom/node.c
index 588665830bf..d25c921e0eb 100644
--- a/ext/dom/node.c
+++ b/ext/dom/node.c
@@ -1857,7 +1857,7 @@ static void dom_canonicalization(INTERNAL_FUNCTION_PARAMETERS, int mode) /* {{{
 		}
 	} else {
 		if (zend_parse_parameters(ZEND_NUM_ARGS(),
-			"s|bba!a!", &file, &file_len, &exclusive,
+			"p|bba!a!", &file, &file_len, &exclusive,
 			&with_comments, &xpath_array, &ns_prefixes) == FAILURE) {
 			RETURN_THROWS();
 		}