diff --git a/ext/dom/tests/modern/xml/gh18979.phpt b/ext/dom/tests/modern/xml/gh18979.phpt
new file mode 100644
index 00000000000..3a90bd58377
--- /dev/null
+++ b/ext/dom/tests/modern/xml/gh18979.phpt
@@ -0,0 +1,13 @@
+--TEST--
+GH-18979 (DOM\XMLDocument::createComment() triggers undefined behavior with null byte)
+--EXTENSIONS--
+dom
+--FILE--
+<?php
+$dom = Dom\XMLDocument::createEmpty();
+$container = $dom->createElement("container");
+$container->append($dom->createComment("\0"));
+var_dump($container->innerHTML);
+?>
+--EXPECT--
+string(7) "<!---->"
diff --git a/ext/dom/xml_serializer.c b/ext/dom/xml_serializer.c
index debbb41fdad..a4b46082b0e 100644
--- a/ext/dom/xml_serializer.c
+++ b/ext/dom/xml_serializer.c
@@ -640,7 +640,11 @@ static int dom_xml_serialize_comment_node(xmlOutputBufferPtr out, xmlNodePtr com
 		const xmlChar *ptr = comment->content;
 		if (ptr != NULL) {
 			TRY(dom_xml_check_char_production(ptr));
-			if (strstr((const char *) ptr, "--") != NULL || ptr[strlen((const char *) ptr) - 1] == '-') {
+			if (strstr((const char *) ptr, "--") != NULL) {
+				return -1;
+			}
+			size_t len = strlen((const char *) ptr);
+			if (len > 0 && ptr[len - 1] == '-') {
 				return -1;
 			}
 		}