Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix GH-14652: segfault on node without document. #14653

Merged
merged 1 commit into from
Jun 24, 2024
Merged

Conversation

devnexen
Copy link
Member

do not bother trying to clone the inner document if there is none to begin with.

@devnexen devnexen force-pushed the gh14652 branch 3 times, most recently from ab7278b to e5a5e41 Compare June 24, 2024 17:59
@devnexen devnexen marked this pull request as ready for review June 24, 2024 20:19
@devnexen devnexen requested a review from nielsdos as a code owner June 24, 2024 20:19
@@ -584,7 +584,7 @@ static zend_object *dom_objects_store_clone_obj(zend_object *zobject) /* {{{ */

if (instanceof_function(intern->std.ce, dom_node_class_entry) || instanceof_function(intern->std.ce, dom_modern_node_class_entry)) {
xmlNodePtr node = (xmlNodePtr)dom_object_get_node(intern);
if (node != NULL) {
if (node != NULL && node->doc) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The patch isn't right unfortunately.
This will break the following code: https://3v4l.org/dq0ct

This could've been revealed if your test was more elaborate, when dealing with things like this I recommend also dumping some state of the objects to see if this has consequences.

The right way to fix this is by adding a null check (ns_mapper != NULL) around the assignment of clone->document->private_data. The reason being that:

  • clone->document will be NULL for documentless nodes, and for old DOM setting this is pointless anyway
  • only new DOM uses the ns_mapper, and it will always have an internal document reference set (the fact that your ->document or ->doc pointer can be NULL in old DOM is imo a design mistake that I got rid of in new DOM).

}
}
$clone = clone $script1_dataflow;
echo "OK";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please make sure to close tests with ?> so that phpt files can be run directly.

@nielsdos nielsdos changed the title Fix GH-14652: segfault on node witout document. Fix GH-14652: segfault on node without document. Jun 24, 2024
@nielsdos
Copy link
Member

I think it'd be good to just copy the test code from the 3v4l link, as that code is cleaner + tests the object state.

do not bother trying to clone the inner document if there is none to
begin with.
Copy link
Member

@nielsdos nielsdos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@devnexen devnexen merged commit 5c55306 into php:master Jun 24, 2024
9 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants