archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GH-15192: Segmentation fault in dom extension (html5_serializer)

Browse source 
When cloning a document, doc will not be equal to the actual new
document clone->doc. clone->doc will always point to the correct
document so use that instead when comparing document nodes.

Closes GH-15198.
This commit is contained in:
Niels Dossche 2024-08-01 20:43:32 +02:00
parent 85fa983fe6
commit 76ad89ccff
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
3 changed files with 81 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ext/dom/php_dom.c
View file

@ -2579,7 +2579,10 @@ xmlNodePtr dom_clone_node(php_dom_libxml_ns_mapper *ns_mapper, xmlNodePtr node,
if (ns_mapper != NULL) {
xmlNodePtr clone = dom_clone_helper(ns_mapper, node, doc, recursive);
if (EXPECTED(clone != NULL) && doc != node->doc) {
/* Defensively set doc to NULL because we should not be using it after this point.
* When cloning a document the new document will be clone->doc, not doc. */
doc = NULL;
if (EXPECTED(clone != NULL) && clone->doc != node->doc) {
/* We only need to reconcile the namespace when the document changes because the namespaces have to be
* put into their respective namespace mapper. */
if (clone->type == XML_DOCUMENT_NODE || clone->type == XML_HTML_DOCUMENT_NODE || clone->type == XML_DOCUMENT_FRAG_NODE) {