From 900f0cab9f7ddc6b4154720f5a32b8f0346d56e1 Mon Sep 17 00:00:00 2001 From: icy17 <1061499390@qq.com> Date: Tue, 24 Oct 2023 16:09:40 +0800 Subject: [PATCH 1/2] Fix null pointer dereferences in case of allocation failure Closes GH-12506. --- NEWS | 7 +++++++ ext/dom/document.c | 3 +++ ext/xmlreader/php_xmlreader.c | 3 +++ ext/xmlwriter/php_xmlwriter.c | 3 +++ 4 files changed, 16 insertions(+) diff --git a/NEWS b/NEWS index 350d1f7dc7c..83594808d80 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ PHP NEWS - DOM: . Fix registerNodeClass with abstract class crashing. (nielsdos) + . Add missing NULL pointer error check. (icy17) - Fiber: . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) @@ -39,6 +40,12 @@ PHP NEWS . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). (Jakub Zelenka) +- XMLReader: + . Add missing NULL pointer error check. (icy17) + +- XMLWriter: + . Add missing NULL pointer error check. (icy17) + - XSL: . Add missing module dependency. (nielsdos) diff --git a/ext/dom/document.c b/ext/dom/document.c index 38bb4553a11..59f00897a69 100644 --- a/ext/dom/document.c +++ b/ext/dom/document.c @@ -1148,6 +1148,9 @@ char *_dom_get_valid_file_path(char *source, char *resolved_path, int resolved_p int isFileUri = 0; uri = xmlCreateURI(); + if (uri == NULL) { + return NULL; + } escsource = xmlURIEscapeStr((xmlChar *) source, (xmlChar *) ":"); xmlParseURIReference(uri, (char *) escsource); xmlFree(escsource); diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c index 12be9ada011..3484cbdc5d9 100644 --- a/ext/xmlreader/php_xmlreader.c +++ b/ext/xmlreader/php_xmlreader.c @@ -211,6 +211,9 @@ char *_xmlreader_get_valid_file_path(char *source, char *resolved_path, int reso int isFileUri = 0; uri = xmlCreateURI(); + if (uri == NULL) { + return NULL; + } escsource = xmlURIEscapeStr((xmlChar *)source, (xmlChar *)":"); xmlParseURIReference(uri, (const char *)escsource); xmlFree(escsource); diff --git a/ext/xmlwriter/php_xmlwriter.c b/ext/xmlwriter/php_xmlwriter.c index 24ce414034a..2966747fc52 100644 --- a/ext/xmlwriter/php_xmlwriter.c +++ b/ext/xmlwriter/php_xmlwriter.c @@ -110,6 +110,9 @@ static char *_xmlwriter_get_valid_file_path(char *source, char *resolved_path, i int isFileUri = 0; uri = xmlCreateURI(); + if (uri == NULL) { + return NULL; + } escsource = xmlURIEscapeStr((xmlChar *)source, (xmlChar *) ":"); xmlParseURIReference(uri, (char *)escsource); xmlFree(escsource); From 98908db72b34dccdec4d4a1d9a47786690a99243 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Tue, 24 Oct 2023 19:35:55 +0200 Subject: [PATCH 2/2] [ci skip] NEWS --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 83594808d80..45ed412eef1 100644 --- a/NEWS +++ b/NEWS @@ -23,8 +23,8 @@ PHP NEWS upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - OpenSSL: - Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). - (Jakub Zelenka) + . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). + (Jakub Zelenka) - SOAP: . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).