1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
From 2a58d1391f2c46e6404dae42b9b64505f94323da Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Thu, 13 Feb 2020 15:13:26 +0100
Subject: [PATCH 1/5] Fix #77569: Write Acess Violation in DomImplementation
We must not assume that the zval IS_STRING.
(cherry picked from commit cec8b24c848bab8562c82422f3692c193f0afcdb)
---
NEWS | 6 ++++++
ext/dom/document.c | 2 +-
ext/dom/tests/bug77569.phpt | 14 ++++++++++++++
3 files changed, 21 insertions(+), 1 deletion(-)
create mode 100644 ext/dom/tests/bug77569.phpt
diff --git a/NEWS b/NEWS
index a1dc8a81c3..5a6549e834 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+Backported from 7.2.28
+
+- DOM:
+ . Fixed bug #77569: (Write Acess Violation in DomImplementation). (Nikita,
+ cmb)
+
Backported from 7.2.27
- Mbstring:
diff --git a/ext/dom/document.c b/ext/dom/document.c
index a884087f5f..29ef0a8cab 100644
--- a/ext/dom/document.c
+++ b/ext/dom/document.c
@@ -341,7 +341,7 @@ int dom_document_encoding_write(dom_object *obj, zval *newval)
str = zval_get_string(newval);
- handler = xmlFindCharEncodingHandler(Z_STRVAL_P(newval));
+ handler = xmlFindCharEncodingHandler(ZSTR_VAL(str));
if (handler != NULL) {
xmlCharEncCloseFunc(handler);
diff --git a/ext/dom/tests/bug77569.phpt b/ext/dom/tests/bug77569.phpt
new file mode 100644
index 0000000000..f0f3566708
--- /dev/null
+++ b/ext/dom/tests/bug77569.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #77569 (Write Acess Violation in DomImplementation)
+--SKIPIF--
+<?php
+if (!extension_loaded('dom')) die('skip dom extension not available');
+?>
+--FILE--
+<?php
+$imp = new DOMImplementation;
+$dom = $imp->createDocument("", "");
+$dom->encoding = null;
+?>
+--EXPECTF--
+Warning: main(): Invalid Document Encoding in %s on line %d
--
2.24.1
From 47310971e97b5be294a793bee7415c82f24d72ec Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 14 Feb 2020 09:21:13 +0100
Subject: [PATCH 2/5] Fix typo in recent bugfix
(cherry picked from commit 8308196c97418ba4c8381bed0962ae160623027a)
---
NEWS | 2 +-
ext/dom/tests/bug77569.phpt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 5a6549e834..9467c98e33 100644
--- a/NEWS
+++ b/NEWS
@@ -4,7 +4,7 @@ PHP NEWS
Backported from 7.2.28
- DOM:
- . Fixed bug #77569: (Write Acess Violation in DomImplementation). (Nikita,
+ . Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita,
cmb)
Backported from 7.2.27
diff --git a/ext/dom/tests/bug77569.phpt b/ext/dom/tests/bug77569.phpt
index f0f3566708..9eef2af65a 100644
--- a/ext/dom/tests/bug77569.phpt
+++ b/ext/dom/tests/bug77569.phpt
@@ -1,5 +1,5 @@
--TEST--
-Bug #77569 (Write Acess Violation in DomImplementation)
+Bug #77569 (Write Access Violation in DomImplementation)
--SKIPIF--
<?php
if (!extension_loaded('dom')) die('skip dom extension not available');
--
2.24.1
|