From cad47be8b66516ab158a8343a7fd3c2b947a84eb Mon Sep 17 00:00:00 2001
From: Bob Weinand <bobwei9@hotmail.com>
Date: Fri, 30 Jun 2023 15:18:37 +0200
Subject: [PATCH] Fix GH-11548 (Argument corruption when calling
 XMLReader::open or XMLReader::XML non-statically with observer active)

---
 NEWS                          |  4 ++++
 ext/xmlreader/php_xmlreader.c | 16 ++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/NEWS b/NEWS
index 58bd0fcc557..94f123920d3 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,10 @@ PHP                                                                        NEWS
 - Standard:
   . Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
 
+- XMLReader:
+  . Fix GH-11548 (Argument corruption when calling XMLReader::open or
+    XMLReader::XML non-statically with observer active). (Bob)
+
 06 Jul 2023, PHP 8.2.8
 
 - CLI:
diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
index 961003db42f..9c7b320516e 100644
--- a/ext/xmlreader/php_xmlreader.c
+++ b/ext/xmlreader/php_xmlreader.c
@@ -22,6 +22,7 @@
 #include "php.h"
 #include "php_ini.h"
 #include "ext/standard/info.h"
+#include "zend_observer.h"
 #include "php_xmlreader.h"
 #ifdef HAVE_DOM
 #include "ext/dom/xml_common.h"
@@ -1148,6 +1149,18 @@ PHP_METHOD(XMLReader, expand)
 }
 /* }}} */
 
+static zend_result (*prev_zend_post_startup_cb)(void);
+static zend_result xmlreader_fixup_temporaries(void) {
+	if (ZEND_OBSERVER_ENABLED) {
+		++xmlreader_open_fn.T;
+		++xmlreader_xml_fn.T;
+	}
+	if (prev_zend_post_startup_cb) {
+		return prev_zend_post_startup_cb();
+	}
+	return SUCCESS;
+}
+
 /* {{{ PHP_MINIT_FUNCTION */
 PHP_MINIT_FUNCTION(xmlreader)
 {
@@ -1169,6 +1182,9 @@ PHP_MINIT_FUNCTION(xmlreader)
 	memcpy(&xmlreader_xml_fn, zend_hash_str_find_ptr(&xmlreader_class_entry->function_table, "xml", sizeof("xml")-1), sizeof(zend_internal_function));
 	xmlreader_xml_fn.fn_flags &= ~ZEND_ACC_STATIC;
 
+	prev_zend_post_startup_cb = zend_post_startup_cb;
+	zend_post_startup_cb = xmlreader_fixup_temporaries;
+
 	zend_hash_init(&xmlreader_prop_handlers, 0, NULL, php_xmlreader_free_prop_handler, 1);
 	xmlreader_register_prop_handler(&xmlreader_prop_handlers, "attributeCount", xmlTextReaderAttributeCount, NULL, IS_LONG);
 	xmlreader_register_prop_handler(&xmlreader_prop_handlers, "baseURI", NULL, xmlTextReaderConstBaseUri, IS_STRING);