diff --git a/ext/dom/inner_outer_html_mixin.c b/ext/dom/inner_outer_html_mixin.c
index b14c3ba708f..eee525cc47a 100644
--- a/ext/dom/inner_outer_html_mixin.c
+++ b/ext/dom/inner_outer_html_mixin.c
@@ -95,7 +95,7 @@ static zend_string *dom_element_html_fragment_serialize(dom_object *obj, xmlNode
status |= xmlOutputBufferFlush(out);
status |= xmlOutputBufferClose(out);
}
- (void) xmlSaveClose(ctxt);
+ status |= xmlSaveClose(ctxt);
xmlCharEncCloseFunc(handler);
}
if (UNEXPECTED(status < 0)) {
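Review bot: `status |= xmlSaveClose(ctxt);` folds a byte count into an error accumulator, since libxml2 documents xmlSaveClose as returning the number of bytes written or -1. After this line only the sign of `status` is meaningful. The `status < 0` check that follows is still correct because OR-ing keeps a set sign bit, but a later reader could easily compare `status` with 0 or reuse it as a length. A comment such as `/* xmlSaveClose() flushes; an encoding failure can surface only here. Only the sign of status is meaningful. */` would pin that down. The same applies to the identical lines in both hunks of ext/dom/xml_document.c and in ext/libxml/libxml.c; the enclosing function starts and ends outside this hunk.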
diff --git a/ext/dom/xml_document.c b/ext/dom/xml_document.c
index 2bd3d908d70..4d941de0f06 100644
--- a/ext/dom/xml_document.c
+++ b/ext/dom/xml_document.c
@@ -282,7 +282,7 @@ static zend_string *php_new_dom_dump_node_to_str_ex(xmlNodePtr node, int options
} else {
xmlCharEncCloseFunc(handler);
}
- (void) xmlSaveClose(ctxt);
+ status |= xmlSaveClose(ctxt);
}
if (UNEXPECTED(status < 0)) {
@@ -319,7 +319,7 @@ zend_long php_new_dom_dump_node_to_file(const char *filename, xmlDocPtr doc, xml
if (EXPECTED(ctxt != NULL)) {
status = dom_xml_serialize(ctxt, out, node, format, false, get_private_data_from_node(node));
status |= xmlOutputBufferFlush(out);
- (void) xmlSaveClose(ctxt);
+ status |= xmlSaveClose(ctxt);
}
size_t offset = php_stream_tell(stream);
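Review bot: Unlike the other call sites, no `status < 0` check is visible after the new `status |= xmlSaveClose(ctxt);` here; the next visible line takes `offset` from `php_stream_tell(stream)` unconditionally. The return statement of php_new_dom_dump_node_to_file is outside the hunk, so it should be confirmed that it maps a negative `status` to a failure value rather than returning the offset. Otherwise the newly captured close error is dropped, and a file that was only partly written would be reported to the caller with a byte count.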
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index 6bcb092fd29..5d5f3f383cd 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -1505,7 +1505,7 @@ static zend_string *php_libxml_default_dump_doc_to_str(xmlDocPtr doc, int option
}
long status = xmlSaveDoc(ctxt, doc);
- (void) xmlSaveClose(ctxt);
+ status |= xmlSaveClose(ctxt);
if (status < 0) {
smart_str_free_ex(&str, false);
return NULL;
diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
index 3ec45e30781..37a4ed46b4b 100644
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -1403,7 +1403,8 @@ PHP_METHOD(SimpleXMLElement, asXML)
if (!result) {
RETURN_FALSE;
} else {
- RETURN_NEW_STR(result);
+ /* Defense-in-depth: don't use the NEW variant in case somehow an empty string gets returned */
+ RETURN_STR(result);
}
}
/* }}} */
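Review bot: The added comment says "somehow" and does not name the hazard, so the next maintainer cannot tell why `RETURN_STR` must stay. As far as I know, the NEW variant marks the zval as a refcounted string without checking for interned strings, while `RETURN_STR` performs that check, and an empty result may be the shared interned empty string. I would reword it along the lines of `/* result may be the interned empty string; RETURN_NEW_STR skips the interned check, so use RETURN_STR */`. The body of the asXML method starts outside this hunk.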
diff --git a/ext/simplexml/tests/gh18597.phpt b/ext/simplexml/tests/gh18597.phpt
new file mode 100644
index 00000000000..e9176bf7ae0
--- /dev/null
+++ b/ext/simplexml/tests/gh18597.phpt
@@ -0,0 +1,17 @@
+--TEST--
+GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning string with UTF-8 bytes)
+--EXTENSIONS--
+simplexml
+--FILE--
+");
+$sx1->node[0] = 'node1';
+$node = $sx1->node[0];
+
+$node[0] = '��c';
+
+$sx1->asXML(); // Depends on the available system encodings whether this fails or not, point is, it should not crash
+echo "Done\n";
+?>
+--EXPECT--
+Done
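Review bot: This test reaches only the SimpleXML path through `asXML()`, while the same commit changes three DOM serialization call sites in ext/dom/inner_outer_html_mixin.c and ext/dom/xml_document.c that have no regression test here. A companion test under ext/dom that serializes a node holding the same invalid byte sequence would cover them. The result of `$sx1->asXML()` is also discarded; since the outcome depends on the system encodings, the test could still check that it is either `false` or a string, e.g. `var_dump($r === false || is_string($r));`, so that a corrupted return value does not pass silently.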