From 112527d67798b6e18ed1c639e66d8cff674dcfd8 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 3 Aug 2021 12:06:36 +0200 Subject: [PATCH 1/2] Fix bug #81325 Segfault in zif_simplexml_import_dom --- ext/simplexml/simplexml.c | 2 +- ext/simplexml/tests/bug81325.phpt | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 ext/simplexml/tests/bug81325.phpt diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c index 4ed41d75876..21e1190e681 100644 --- a/ext/simplexml/simplexml.c +++ b/ext/simplexml/simplexml.c @@ -2635,7 +2635,7 @@ PHP_FUNCTION(simplexml_import_dom) nodep = xmlDocGetRootElement((xmlDocPtr) nodep); } - if (nodep->type == XML_ELEMENT_NODE) { + if (nodep && nodep->type == XML_ELEMENT_NODE) { if (!ce) { ce = sxe_class_entry; fptr_count = NULL; diff --git a/ext/simplexml/tests/bug81325.phpt b/ext/simplexml/tests/bug81325.phpt new file mode 100644 index 00000000000..b4010dd1f0c --- /dev/null +++ b/ext/simplexml/tests/bug81325.phpt @@ -0,0 +1,19 @@ +--TEST-- +BUg #81325 (segfault in zif_simplexml_import_dom) +--SKIPIF-- + +--FILE-- +loadXML("foo"); +$xml = simplexml_import_dom($dom); +?> +Done +--EXPECTF-- +Warning: DOMDocument::loadXML(): Start tag expected%s + +Warning: simplexml_import_dom(): Invalid Nodetype%s +Done From 35c3e0b1a457f9422ad0bef32289e417922997fe Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 3 Aug 2021 12:07:46 +0200 Subject: [PATCH 2/2] NEWS --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index cb2748d1024..5c610541b47 100644 --- a/NEWS +++ b/NEWS @@ -35,6 +35,9 @@ PHP NEWS - Shmop: . Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita) +- SimpleXML: + . Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi) + - Standard: . Fixed bug #72146 (Integer overflow on substr_replace). (cmb) . Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).