archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 21:48:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix GHSA-wg4p-4hqh-c3g9

Browse source
This commit is contained in:
Niels Dossche 2024-12-18 18:44:05 +01:00
parent 17cf7cae64
commit ebf5902292
No known key found for this signature in database
GPG key ID: B8A8AD166DF0E2E5
2 changed files with 50 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

42
ext/xml/tests/toffset_bounds.phpt Normal file
View file

@ -0,0 +1,42 @@
--TEST--
XML_OPTION_SKIP_TAGSTART bounds
--EXTENSIONS--
xml
--FILE--
<?php
$sample = "<?xml version=\"1.0\"?><test><child/></test>";
$parser = xml_parser_create();
xml_parser_set_option($parser, XML_OPTION_SKIP_TAGSTART, 100);
$res = xml_parse_into_struct($parser,$sample,$vals,$index);
var_dump($vals);
?>
--EXPECT--
array(3) {
[0]=>
array(3) {
["tag"]=>
string(0) ""
["type"]=>
string(4) "open"
["level"]=>
int(1)
}
[1]=>
array(3) {
["tag"]=>
string(0) ""
["type"]=>
string(8) "complete"
["level"]=>
int(2)
}
[2]=>
array(3) {
["tag"]=>
string(0) ""
["type"]=>
string(5) "close"
["level"]=>
int(1)
}
}

12
ext/xml/xml.c
View file

@ -657,9 +657,11 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch
array_init(&tag);
array_init(&atr);
_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);
char *skipped_tag_name = SKIP_TAGSTART(ZSTR_VAL(tag_name));
add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */
_xml_add_to_info(parser, skipped_tag_name);
add_assoc_string(&tag, "tag", skipped_tag_name);
add_assoc_string(&tag, "type", "open");
add_assoc_long(&tag, "level", parser->level);
@ -741,12 +743,14 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)
add_assoc_string(zv, "type", "complete");
}
} else {
_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);
char *skipped_tag_name = SKIP_TAGSTART(ZSTR_VAL(tag_name));
_xml_add_to_info(parser, skipped_tag_name);
zval *data = xml_get_separated_data(parser);
if (EXPECTED(data)) {
array_init(&tag);
add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */
add_assoc_string(&tag, "tag", skipped_tag_name);
add_assoc_string(&tag, "type", "close");
add_assoc_long(&tag, "level", parser->level);
zend_hash_next_index_insert(Z_ARRVAL_P(data), &tag);