From be10613a16f4c4f571978ef9467a56a6d8aaeb36 Mon Sep 17 00:00:00 2001 From: Benjamin Eberlei Date: Fri, 20 Sep 2019 22:59:53 +0200 Subject: [PATCH 1/2] Fixed bug #78577 --- ext/dom/element.c | 4 +-- ext/dom/tests/bug78577.phpt | 62 +++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 ext/dom/tests/bug78577.phpt diff --git a/ext/dom/element.c b/ext/dom/element.c index 56499ea628fb0..0f2a8a8d2032e 100644 --- a/ext/dom/element.c +++ b/ext/dom/element.c @@ -499,9 +499,7 @@ PHP_FUNCTION(dom_element_get_attribute_node) if (attrp->type == XML_NAMESPACE_DECL) { xmlNsPtr curns; - xmlNodePtr nsparent; - nsparent = attrp->_private; curns = xmlNewNs(NULL, attrp->name, NULL); if (attrp->children) { curns->prefix = xmlStrdup((xmlChar *) attrp->children); @@ -512,7 +510,7 @@ PHP_FUNCTION(dom_element_get_attribute_node) attrp = xmlNewDocNode(nodep->doc, NULL, (xmlChar *)"xmlns", attrp->name); } attrp->type = XML_NAMESPACE_DECL; - attrp->parent = nsparent; + attrp->parent = nodep; attrp->ns = curns; } diff --git a/ext/dom/tests/bug78577.phpt b/ext/dom/tests/bug78577.phpt new file mode 100644 index 0000000000000..0d03085534820 --- /dev/null +++ b/ext/dom/tests/bug78577.phpt @@ -0,0 +1,62 @@ +--TEST-- +Bug #78577 DOMNameSpaceNode::parentNode on xmlns segfaults +--SKIPIF-- + +--FILE-- +loadXML(<< + + +XML +); + +$attr1 = $doc->documentElement->getAttributeNode("foo"); +$element = $doc->documentElement->getElementsByTagName("bar")[0]; +$attr2 = $element->getAttributeNode("baz"); +$attrXmlnsFoo = $doc->documentElement->getAttributeNode("xmlns:foo"); +$attrXmlns = $doc->documentElement->getAttributeNode('xmlns'); + +if ($attr1->parentNode === $doc->documentElement) { + echo "attr1\n"; +} + +if ($attr2->parentNode === $element) { + echo "attr2\n"; +} + +if ($attrXmlnsFoo->parentNode === $doc->documentElement) { + echo "attrXmlnsFoo\n"; +} + +if ($attrXmlns->parentNode === $doc->documentElement) { + echo "attrXmlns\n"; +} + +var_dump($attrXmlns); + +--EXPECTF-- +attr1 +attr2 +attrXmlnsFoo +attrXmlns +object(DOMNameSpaceNode)#7 (8) { + ["nodeName"]=> + string(5) "xmlns" + ["nodeValue"]=> + string(19) "http://php.net/test" + ["nodeType"]=> + int(18) + ["prefix"]=> + string(0) "" + ["localName"]=> + string(5) "xmlns" + ["namespaceURI"]=> + string(19) "http://php.net/test" + ["ownerDocument"]=> + string(22) "(object value omitted)" + ["parentNode"]=> + string(22) "(object value omitted)" +} From bb83301d3bb27d69d49249a151cb6d1cadf0b9e1 Mon Sep 17 00:00:00 2001 From: Benjamin Eberlei Date: Fri, 4 Oct 2019 18:56:33 +0200 Subject: [PATCH 2/2] Bug #78577: Add casts to xmlNsPtr and comment to clarify code. --- ext/dom/element.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/ext/dom/element.c b/ext/dom/element.c index 0f2a8a8d2032e..775b1e19c72b0 100644 --- a/ext/dom/element.c +++ b/ext/dom/element.c @@ -498,16 +498,17 @@ PHP_FUNCTION(dom_element_get_attribute_node) } if (attrp->type == XML_NAMESPACE_DECL) { + // attrp is an xmlNodePtr but must be casted to xmlNsPtr in this branch based on type xmlNsPtr curns; - curns = xmlNewNs(NULL, attrp->name, NULL); + curns = xmlNewNs(NULL, ((xmlNsPtr)attrp)->href, NULL); if (attrp->children) { - curns->prefix = xmlStrdup((xmlChar *) attrp->children); + curns->prefix = xmlStrdup(((xmlNsPtr)attrp)-> prefix); } if (attrp->children) { - attrp = xmlNewDocNode(nodep->doc, NULL, (xmlChar *) attrp->children, attrp->name); + attrp = xmlNewDocNode(nodep->doc, NULL, ((xmlNsPtr)attrp)->prefix, attrp->name); } else { - attrp = xmlNewDocNode(nodep->doc, NULL, (xmlChar *)"xmlns", attrp->name); + attrp = xmlNewDocNode(nodep->doc, NULL, (xmlChar *)"xmlns", ((xmlNsPtr)attrp)->href); } attrp->type = XML_NAMESPACE_DECL; attrp->parent = nodep;