6cbe2edaad
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-17397: Assertion failure ext/dom/php_dom.c
2025-01-08 19:46:23 +01:00
6d215981b6
Fix GH-17397: Assertion failure ext/dom/php_dom.c
...
The problem was that the property hash tables were not merging the
correct ones, a stupid typo (or caused by merging).
Closes GH-17406.
2025-01-08 19:45:40 +01:00
466c8b0e03
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-17257: UBSAN warning in ext/opcache/jit/zend_jit_vm_helpers.c
Fix GH-17223: Memory leak in libxml encoding handling
2024-12-26 12:26:59 +01:00
956576b0b4
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-17223: Memory leak in libxml encoding handling
2024-12-26 12:25:08 +01:00
7be950f3f6
Fix GH-17223: Memory leak in libxml encoding handling
...
This was a bug in both libxml and PHP.
We follow up with the same change as done in GNOME/libxml@b3871dd138 .
Changing away from `xmlOutputBufferCreateFilenameDefault` is not
possible yet because this is a stable branch and would break BC.
Closes GH-17254.
2024-12-26 12:24:06 +01:00
26244c7dcd
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix DOM test on higher branches
2024-12-21 12:50:08 +01:00
d2b6b64655
Fix DOM test on higher branches
2024-12-21 12:50:04 +01:00
1fff0c05b7
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-17224: UAF in importNode
2024-12-21 12:01:53 +01:00
62dc89d947
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-17224: UAF in importNode
2024-12-21 12:01:48 +01:00
61615d5673
Fix GH-17224: UAF in importNode
...
Wrong document pointer is used for the namespace copy.
Closes GH-17230.
2024-12-21 12:01:22 +01:00
e78a008b36
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-17201: Dom\TokenList issues with interned string replace
2024-12-17 23:08:11 +01:00
e247461881
Fix GH-17201: Dom\TokenList issues with interned string replace
...
If a bucket previously had a non-interned string, and is now replaced
with an interned string, then the type flags still incorrectly state
it's a non-interned string. This leads to the refcount being edited for
interned strings, which in turn can lead to a crash when protect_memory
is set.
Closes GH-17207.
2024-12-17 23:07:58 +01:00
c015242947
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-17145: DOM memory leak
2024-12-14 12:12:52 +01:00
4656c22526
Fix GH-17145: DOM memory leak
...
Because the use of RETURN instead of RETVAL, the freeing code could not
be executed. This only is triggerable if the content of the attribute is
mixed text and entities, so it wasn't noticed earlier.
Closes GH-17147.
2024-12-14 12:12:40 +01:00
f576b81340
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16906: Reloading document can cause UAF in iterator
2024-11-24 18:20:29 +01:00
52c7c74ebb
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16906: Reloading document can cause UAF in iterator
2024-11-24 18:20:21 +01:00
9d39ff764e
Fix GH-16906: Reloading document can cause UAF in iterator
...
Closes GH-16909.
2024-11-24 18:19:45 +01:00
cfc8361fe6
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
2024-11-16 13:42:22 +01:00
d3fada3748
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
2024-11-16 13:42:14 +01:00
18b18f0ee0
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
...
Closes GH-16824.
2024-11-16 13:42:01 +01:00
a3b27c083f
Add Dom\Element::insertAdjacentHTML() ( #16614 )
2024-11-09 10:52:06 +01:00
1a5ef4bb3f
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Add missing cache invalidation for innerHTML (#16652 )
2024-10-30 22:15:39 +01:00
d5e6dd8f2b
Add missing cache invalidation for innerHTML ( #16652 )
...
* Add test with wrong output
* Add missing cache invalidation for innerHTML
2024-10-30 22:14:20 +01:00
99cdd670af
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16595: Another UAF in DOM -> cloneNode
Fix GH-16593: Assertion failure in DOM->replaceChild
2024-10-28 19:45:27 +01:00
6e82ae9990
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16595: Another UAF in DOM -> cloneNode
Fix GH-16593: Assertion failure in DOM->replaceChild
2024-10-28 19:45:22 +01:00
ed21ebd8aa
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16595: Another UAF in DOM -> cloneNode
Fix GH-16593: Assertion failure in DOM->replaceChild
2024-10-28 19:39:24 +01:00
d89dd28d3b
Fix GH-16593: Assertion failure in DOM->replaceChild
...
This is already forbidden by libxml, but this condition isn't properly
checked; so the return value and lack of error makes it seem like it
worked while it actually didn't. Furthermore, this can break assumptions
and assertions later on.
Closes GH-16596.
2024-10-28 19:36:29 +01:00
91270aafa5
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16594: Assertion failure in DOM -> before
Fix GH-16572: Incorrect result with reflection in low-trigger JIT
Fix GH-16577: EG(strtod_state).freelist leaks with opcache.preload
2024-10-28 19:33:24 +01:00
947e319b76
Fix GH-16594: Assertion failure in DOM -> before
...
The invalid parent condition can actually happen because PHP's DOM is
allows to get children of e.g. attributes; something normally not
possible.
Closes GH-16597.
2024-10-28 19:32:20 +01:00
6dd67bbb76
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Updates for libxml2 >= 2.13.0
2024-10-22 00:17:44 +02:00
30dd291628
Updates for libxml2 >= 2.13.0
...
libxml2 2.13.0 introduced some relevant changes regarding the treatment
of file paths on Windows[1]. Thus we un-xfail bug69753.phpt and its
companion, and we adjust dom004.phpt. And we also disable the
workaround for erroneous file:/ URIs on Windows.
[1] <https://gitlab.gnome.org/GNOME/libxml2/-/commit/8ab1b122c47bfced2b59f52351507ebc1eb50218 >
Closes GH-16536.
2024-10-22 00:17:12 +02:00
7c6c8e110e
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16535: UAF when using document as a child
Fix GH-16533: Segfault when adding attribute to parent that is not an element
2024-10-21 20:57:53 +02:00
a0266920e4
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16535: UAF when using document as a child
Fix GH-16533: Segfault when adding attribute to parent that is not an element
2024-10-21 20:57:42 +02:00
5a09e0105e
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16535: UAF when using document as a child
Fix GH-16533: Segfault when adding attribute to parent that is not an element
2024-10-21 20:57:22 +02:00
51b642f2c9
Fix GH-16535: UAF when using document as a child
...
Documents can never be children of any node.
Closes GH-16539.
2024-10-21 20:56:14 +02:00
a0a7361b64
Fix GH-16533: Segfault when adding attribute to parent that is not an element
...
Attributes are only valid as children of elements. This bug goes back
all the way.
Closes GH-16537.
2024-10-21 20:55:42 +02:00
b6f59d2a6b
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16473: dom_import_simplexml stub is wrong
2024-10-17 23:28:59 +02:00
55266d420b
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix GH-16473: dom_import_simplexml stub is wrong
2024-10-17 23:28:34 +02:00
c26d5f20e8
Merge branch 'PHP-8.2' into PHP-8.3
...
* PHP-8.2:
Fix GH-16473: dom_import_simplexml stub is wrong
2024-10-17 23:27:23 +02:00
41af9335b7
Fix GH-16473: dom_import_simplexml stub is wrong
...
It's been wrong since PHP 8.0 at least, and the signature was inherited
in 8.4-dev to the new DOM methods.
Closes GH-16489.
2024-10-17 23:26:50 +02:00
a73754fece
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix various document ref pointer mismanagements
2024-10-17 21:21:56 +02:00
81a2cd4dac
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Fix various document ref pointer mismanagements
2024-10-17 21:21:49 +02:00
5cb38e9d24
Fix various document ref pointer mismanagements
...
- Properly handle attributes
- Fix potential NULL dereference if the intern document pointer is NULL
Fixes GH-16336.
Fixes GH-16338.
Closes GH-16345.
2024-10-17 21:18:50 +02:00
1083872a08
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16465: Heap buffer overflow in DOMNode->getElementByTagName
2024-10-16 22:55:29 +02:00
d70f3ba9a5
Fix GH-16465: Heap buffer overflow in DOMNode->getElementByTagName
...
If the input contains NUL bytes then the length doesn't match the actual
duplicated string's length. Note that libxml can't handle this properly
anyway so we just reject NUL bytes and too long strings.
Closes GH-16467.
2024-10-16 22:55:18 +02:00
105cf92a13
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Add missing hierarchy checks to replaceChild
Fix GH-16337: Use-after-free in SplHeap
2024-10-12 13:39:13 +02:00
c31eac7284
Merge branch 'PHP-8.3' into PHP-8.4
...
* PHP-8.3:
Add missing hierarchy checks to replaceChild
Fix GH-16337: Use-after-free in SplHeap
2024-10-12 13:39:06 +02:00
3ed01d454d
Add missing hierarchy checks to replaceChild
...
You can break the hierarchy for attribute nodes, use the helper function
introduced recently [1] to fix this issue.
[1] 066d18f2
2024-10-12 13:32:13 +02:00
7ff940f2a2
Fix GH-16356: Segmentation fault with $outerHTML and next node ( #16364 )
...
`$outerHTML` should only serialize the current node, not its siblings.
2024-10-11 20:44:50 +02:00
c597f92be9
Merge branch 'PHP-8.4'
...
* PHP-8.4:
Fix GH-16316: DOMXPath breaks when not initialized properly
2024-10-10 19:29:22 +02:00
Niels Dossche