From d32b97a1c76c2ac563611cdcd16967b5fe292396 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Fri, 23 Aug 2024 19:38:13 +0200
Subject: [PATCH] Fix NULL pointer dereference with NULL content in legacy
nodes in title getting (#15558)
---
ext/dom/html_document.c | 2 +-
ext/dom/tests/modern/common/Document_title_getter.phpt | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ext/dom/html_document.c b/ext/dom/html_document.c
index 18c6c909ad6..55d9fdfe450 100644
--- a/ext/dom/html_document.c
+++ b/ext/dom/html_document.c
@@ -1467,7 +1467,7 @@ static zend_string *dom_get_child_text_content(const xmlNode *node)
const xmlNode *text = node->children;
while (text != NULL) {
- if (text->type == XML_TEXT_NODE || text->type == XML_CDATA_SECTION_NODE) {
+ if ((text->type == XML_TEXT_NODE || text->type == XML_CDATA_SECTION_NODE) && text->content != NULL) {
smart_str_appends(&content, (const char *) text->content);
}
text = text->next;
diff --git a/ext/dom/tests/modern/common/Document_title_getter.phpt b/ext/dom/tests/modern/common/Document_title_getter.phpt
index eb4f4b7cdb5..7aeb95d0efd 100644
--- a/ext/dom/tests/modern/common/Document_title_getter.phpt
+++ b/ext/dom/tests/modern/common/Document_title_getter.phpt
@@ -43,6 +43,10 @@ var_dump($dom->title);
$dom = Dom\XMLDocument::createFromString("title\nhere");
var_dump($dom->title);
+$dom = Dom\XMLDocument::createFromString("");
+$dom->getElementsByTagName('title')[0]->appendChild($dom->importLegacyNode(new DOMText));
+var_dump($dom->title);
+
echo "=== SVG namespaced root ===\n";
$dom = Dom\XMLDocument::createFromString("title");
@@ -72,6 +76,7 @@ string(0) ""
string(2) "xz"
string(2) "yw"
string(10) "title here"
+string(0) ""
=== SVG namespaced root ===
string(5) "title"
string(5) "title"