Merge branch 'PHP-5.6' into PHP-7.0
cmb69 committed Aug 20, 2016
2 parents a556543 + 9164dc1 commit db1ef5c
Showing 3 changed files with 50 additions and 6 deletions.
1 change: 1 addition & 0 deletions NEWS
@@ -57,6 +57,7 @@ PHP NEWS

- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)

- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
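--- a/ext/xml/tests/bug72714.phpt
+++ b/ext/xml/tests/bug72714.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Bug #72714 (_xml_startElementHandler() segmentation fault)
+--SKIPIF--
+<?php
+if (!extension_loaded('xml')) die('skip xml extension not available');
+?>
+--FILE--
+<?php
+function startElement($parser, $name, $attribs) {
+var_dump($name);
+}
+
+function endElement($parser, $name) {}
+
+function parse($tagstart) {
+$xml = '<ns1:total>867</ns1:total>';
+
+$xml_parser = xml_parser_create();
+xml_set_element_handler($xml_parser, 'startElement', 'endElement');
+
+xml_parser_set_option($xml_parser, XML_OPTION_SKIP_TAGSTART, $tagstart);
+xml_parse($xml_parser, $xml);
+
+xml_parser_free($xml_parser);
+}
+
+parse(3015809298423721);
+parse(20);
+?>
+===DONE===
+--EXPECTF--
+Notice: xml_parser_set_option(): tagstart ignored in %s%ebug72714.php on line %d
+string(9) "NS1:TOTAL"
+string(0) ""
+===DONE===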
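Review bot: The first case, `parse(3015809298423721)`, only yields the expected `tagstart ignored` notice because the positive literal is narrowed to a negative value when it is stored in `parser->toffset`; the notice in xml.c fires only for `toffset < 0`. The expectation therefore depends on a 64-bit PHP integer and on that narrowing conversion, so on a build with 32-bit integers the result is presumably different and the test would fail. I would add a guard such as `if (PHP_INT_SIZE < 8) die('skip 64-bit only');` to `--SKIPIF--` and an explicit negative case (`parse(-1);`) so the clamp is exercised directly. The test also drives only the handler callbacks; a case through `xml_parse_into_struct()` would cover the other call sites the commit touches.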
20 changes: 14 additions & 6 deletions ext/xml/xml.c
@@ -69,6 +69,10 @@ ZEND_GET_MODULE(xml)
#endif /* COMPILE_DL_XML */
/* }}} */


#define SKIP_TAGSTART(str) ((str) + (parser->toffset > strlen(str) ? strlen(str) : + parser->toffset))


/* {{{ function prototypes */
PHP_MINIT_FUNCTION(xml);
PHP_MINFO_FUNCTION(xml);
@@ -729,7 +733,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch

if (!Z_ISUNDEF(parser->startElementHandler)) {
ZVAL_COPY(&args[0], &parser->index);
ZVAL_STRING(&args[1], ZSTR_VAL(tag_name) + parser->toffset);
ZVAL_STRING(&args[1], SKIP_TAGSTART(ZSTR_VAL(tag_name)));
array_init(&args[2]);

while (attributes && *attributes) {
@@ -760,7 +764,7 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch

_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);

add_assoc_string(&tag, "tag", ZSTR_VAL(tag_name) + parser->toffset); /* cast to avoid gcc-warning */
add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */
add_assoc_string(&tag, "type", "open");
add_assoc_long(&tag, "level", parser->level);

@@ -814,7 +818,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)

if (!Z_ISUNDEF(parser->endElementHandler)) {
ZVAL_COPY(&args[0], &parser->index);
ZVAL_STRING(&args[1], ZSTR_VAL(tag_name) + parser->toffset);
ZVAL_STRING(&args[1], SKIP_TAGSTART(ZSTR_VAL(tag_name)));

xml_call_handler(parser, &parser->endElementHandler, parser->endElementPtr, 2, args, &retval);
zval_ptr_dtor(&retval);
@@ -830,7 +834,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name)

_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);

add_assoc_string(&tag, "tag", ZSTR_VAL(tag_name) + parser->toffset); /* cast to avoid gcc-warning */
add_assoc_string(&tag, "tag", SKIP_TAGSTART(ZSTR_VAL(tag_name))); /* cast to avoid gcc-warning */
add_assoc_string(&tag, "type", "close");
add_assoc_long(&tag, "level", parser->level);

@@ -924,9 +928,9 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len)
if (parser->level <= XML_MAXLEVEL && parser->level > 0) {
array_init(&tag);

_xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset);
_xml_add_to_info(parser,SKIP_TAGSTART(parser->ltags[parser->level-1]));

add_assoc_string(&tag, "tag", parser->ltags[parser->level-1] + parser->toffset);
add_assoc_string(&tag, "tag", SKIP_TAGSTART(parser->ltags[parser->level-1]));
add_assoc_str(&tag, "value", decoded_value);
add_assoc_string(&tag, "type", "cdata");
add_assoc_long(&tag, "level", parser->level);
@@ -1605,6 +1609,10 @@ PHP_FUNCTION(xml_parser_set_option)
case PHP_XML_OPTION_SKIP_TAGSTART:
convert_to_long_ex(val);
parser->toffset = Z_LVAL_P(val);
if (parser->toffset < 0) {
php_error_docref(NULL TSRMLS_CC, E_NOTICE, "tagstart ignored");
parser->toffset = 0;
}
break;
case PHP_XML_OPTION_SKIP_WHITE:
convert_to_long_ex(val);
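Review bot: The start- and end-element handlers still call `_xml_add_to_info(parser, ZSTR_VAL(tag_name) + parser->toffset);` unchanged (context lines in the @@ -760 and @@ -830 hunks), so a skip offset longer than the tag name can still move the pointer past the end of the string on that path, while the character-data handler was switched to the bounded form. Both calls should read `_xml_add_to_info(parser, SKIP_TAGSTART(ZSTR_VAL(tag_name)));`. Separately, `xml_parser_set_option` stores the value with `parser->toffset = Z_LVAL_P(val);` before the `< 0` test, so the check sees the value only after any narrowing; validating the zend_long against `0` and `INT_MAX` before the assignment would make the accepted range explicit (this assumes `toffset` is an `int`, which is not visible here). The macro also depends on a local named `parser` and evaluates `str` up to three times, which a `static` helper taking the parser and the string would avoid. The handler bodies start and end outside these hunks.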