From ee68c2212876f7e4a28bac2fc7d0c8c8aa950540 Mon Sep 17 00:00:00 2001
From: Tim Starling
Date: Thu, 22 Dec 2022 11:43:20 +1100
Subject: [PATCH] Don't add 1 when calling xmlNodeSetContent()

The length is passed to xmlStrndup(), which also adds 1, and adds a null terminator past the end. It worked because the length is not actually stored. Strings in libxml2 are null terminated. Passing the length just avoids a call to strlen().
---
 ext/dom/characterdata.c | 2 +-
 ext/dom/node.c | 2 +-
 ext/dom/processinginstruction.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/dom/characterdata.c b/ext/dom/characterdata.c
index 2ff65a314d3..0a0373a5c1d 100644
--- a/ext/dom/characterdata.c
+++ b/ext/dom/characterdata.c
@@ -70,7 +70,7 @@ int dom_characterdata_data_write(dom_object *obj, zval *newval)
 return FAILURE;
 }
- xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str) + 1);
+ xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str));
 zend_string_release_ex(str, 0);
 return SUCCESS;
diff --git a/ext/dom/node.c b/ext/dom/node.c
index 0fa4d66cbc0..1caaad0ed36 100644
--- a/ext/dom/node.c
+++ b/ext/dom/node.c
@@ -185,7 +185,7 @@ int dom_node_node_value_write(dom_object *obj, zval *newval)
 case XML_COMMENT_NODE:
 case XML_CDATA_SECTION_NODE:
 case XML_PI_NODE:
- xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str) + 1);
+ xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str));
 break;
 default:
 break;
diff --git a/ext/dom/processinginstruction.c b/ext/dom/processinginstruction.c
index c40d24d18ce..1f85f91b281 100644
--- a/ext/dom/processinginstruction.c
+++ b/ext/dom/processinginstruction.c
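Review bot: `ZSTR_LEN(str)` is a `size_t` while the third parameter of `xmlNodeSetContentLen()` is an `int`, so the new call in `dom_characterdata_data_write()` (ext/dom/characterdata.c) still narrows the length implicitly, and a string longer than `INT_MAX` bytes on a 64-bit build would arrive as a truncated or negative length. The same call form is used in `dom_node_node_value_write()` (ext/dom/node.c) and `dom_processinginstruction_data_write()` (ext/dom/processinginstruction.c). A guard ahead of the call would make the limit explicit, for example `if (ZSTR_LEN(str) > INT_MAX) { zend_string_release_ex(str, 0); return FAILURE; }`, adapted to each function's cleanup path. The function starts above the hunk, so how `str` is obtained and whether a length limit is already enforced there is not visible here.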
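Review bot: Nothing visible around the call in `dom_node_node_value_write()` (ext/dom/node.c) rejects or reports NUL bytes inside the PHP string, and since the commit message states that libxml2 strings are NUL-terminated, a value with an embedded NUL will presumably read back cut at the first NUL. That silent difference between what was written and what later readers see matters when the value was validated as a whole PHP string before being stored. If such a check exists earlier in the function it is outside this hunk; otherwise consider a comment at the call such as `/* libxml2 content is NUL-terminated: bytes after an embedded NUL are not visible to readers */`, or rejecting such input. The calls in ext/dom/characterdata.c and ext/dom/processinginstruction.c are in the same position.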
@@ -130,7 +130,7 @@ int dom_processinginstruction_data_write(dom_object *obj, zval *newval)
 php_libxml_invalidate_node_list_cache_from_doc(nodep->doc);
- xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str) + 1);
+ xmlNodeSetContentLen(nodep, (xmlChar *) ZSTR_VAL(str), ZSTR_LEN(str));
 zend_string_release_ex(str, 0);
 return SUCCESS;