If only we did not have the pseudo-key "@attributes", we could've just
removed the custom get_debug_info implementation and this would work out
of the box. Anyway, we just have to manually check for an override now.
Closes GH-20131.
Normally, simplexml cannot import document nodes,
but xsl allows to circumvent this.
A document does not have a name, so we return the empty string
in that case.
While we could add an explicit check, we might as well switch
the macro to a form that would be more optimal anyway as many
tag names can be single characters.
The test was added in xsl because adding it in simplexml would
break out-of-tree builds of simplexml.
Closes GH-19990.
In the macOS 26 SDK, xmlFree is defined as a macro for free. This causes
issues where a same-named variable is used. Renaming the variable to
should_free resolves the issue.
See:
$ grep -B4 -A2 -n "#define xmlFree(" "Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX26.sdk/usr/include/libxml/globals.h"
261-#if defined(LIBXML_HAS_DEPRECATED_MEMORY_ALLOCATION_FUNCTIONS)
262-#define xmlMalloc(size) malloc(size)
263-#define xmlMallocAtomic(size) malloc(size)
264-#define xmlRealloc(ptr, size) realloc((ptr), (size))
265:#define xmlFree(ptr) free(ptr)
266-#define xmlMemStrdup(str) strdup(str)
267-#endif
Fixes:
```
In file included from /Library/Developer/CommandLineTools/SDKs/MacOSX26.sdk/usr/include/libxml/xmlIO.h:117,
from /Library/Developer/CommandLineTools/SDKs/MacOSX26.sdk/usr/include/libxml/parser.h:813,
from /private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/php_dom.h:29,
from /private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:26:
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c: In function 'dom_compare_value':
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:208:17: error: called object 'free' is not a function or function pointer
208 | xmlFree(attr_value);
| ^~~~~~~
/private/tmp/php-20250914-13349-uqsk5o/php-8.4.12/ext/dom/attr.c:204:14: note: declared here
204 | bool free;
| ^~~~
make: *** [ext/dom/attr.lo] Error 1
```
Closes GH-19832.
Signed-off-by: Ruoyu Zhong <zhongruoyu@outlook.com>
xmlSave() also can flush in some cases. When the encoding is not
available this can fail for short inputs, resulting in an empty string
which is interned but then wrongly tagged by RETURN_NEW_STR.
Fix this by checking the error condition and switching to RETURN_STR for
defense-in-depth.
This issue also exists on 8.3, but does not crash; however, due to the
different API usage internally I cannot easily fix it on 8.3. There it
gives a partial output.
Closes GH-18606.
* PHP-8.3:
Fix GH-18309: ipv6 filter integer overflow
Fix GH-18304: Changing the properties of a DateInterval through dynamic properties triggers a SegFault
For dynamic fetches the cache_slot will be NULL, so we have to check for
that when resetting the cache. For zip and xmlreader this couldn't
easily be tested because of a lack of writable properties.
Closes GH-18307.
The cache slot for FETCH_OBJ_W in function `test` is primed with the
class for C. The next call uses a simplexml instance and reuses the same
cache slot. simplexml's get_property_ptr handler does not use the cache
slot, so the old values remain in the cache slot. When
`zend_handle_fetch_obj_flags` is called this is not guarded by a check
for the class entry. So we end up using the prop_info from the property
C::$a instead of the simplexml property.
This patch adds a reset to the cache slots in the property address fetch
code and also in the extensions with a non-standard reference handler.
This keeps the run time cache consistent and avoids the issue without
complicating the fast paths.
Closes GH-17739.
The array merging function may still hold the properties array while the
object is already being destroyed. Therefore, we should take into
account the refcount in simplexml's destruction code.
It may be possible to trigger this in other ways too.
Closes GH-17421.
* PHP-8.3:
Fix GH-16777: Calling the constructor again on a DOM object after it is in a document causes UAF
Fix GH-16808: Segmentation fault in RecursiveIteratorIterator->current() with a xml element input
When the current data is invalid, NULL must be returned. At least that's
how the check in SPL works and how other extensions do this as well.
If we don't do this, an UNDEF value gets propagated to a return value
(misprinted as null); leading to issues.
Closes GH-16825.
We should check if the iterator data is still valid, because if it
isn't, then the type info is UNDEF, but the pointer value may be
dangling.
Closes GH-15841.
When a class (or enum) has no methods, rather than using an array that only
contains `ZEND_FE_END`, use `NULL` for the functions. The implementation of
class registration for internal classes, `do_register_internal_class()` in
zend_API.c, already skips classes where the functions are `NULL`. By removing
these unneeded arrays, we can reduce the size of the header files, while also
removing an unneeded call to zend_register_functions() for each internal class
with no extra methods.
Currently, internal classes are registered with the following code:
INIT_CLASS_ENTRY(ce, "InternalClass", class_InternalClass_methods);
class_entry = zend_register_internal_class_ex(&ce, NULL);
class_entry->ce_flags |= ...;
This has worked well so far, except if InternalClass is readonly. It is because some inheritance checks are run by zend_register_internal_class_ex before ZEND_ACC_READONLY_CLASS is added to ce_flags.
The issue is fixed by adding a zend_register_internal_class_with_flags() zend API function that stubs can use from now on. This function makes sure to add the flags before running any checks. Since the new API is not available in lower PHP versions, gen_stub.php has to keep support for the existing API for PHP 8.3 and below.
Because the signature is checked at compile time, we know that the only
possible return value (if there is no exception) is IS_LONG. So we can
avoid some work.
- PHP_SETUP_LIBXML arguments quoted
- Help texts updated for HAVE_LIBXML, HAVE_DOM, HAVE_XMLREADER,
HAVE_XMLWRITER, HAVE_SOAP, HAVE_SIMPLEXML, and HAVE_XML CPP macros
- Duplicate HAVE_LIBXML symbol definition in PHP_SETUP_LIBXML M4 macro
removed (the HAVE_LIBXML marks that PHP libxml extension is available and
not only that libxml2 library is available)
