Skip to content

Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c #16039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
YuanchengJiang opened this issue Sep 25, 2024 · 2 comments
Closed

Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c #16039

YuanchengJiang opened this issue Sep 25, 2024 · 2 comments
Assignees
@nielsdos
Labels
Bug Extension: dom Status: Verified

Comments

@YuanchengJiang
Copy link

Description

The following code:

<?php
$entity = new DOMEntity();
$fusion = $entity;
$dom = new DOMDocument;
$element = $dom->appendChild($dom->createElement('root'));
$str = str_repeat('X', 2**31 + 10);
try {
$element->append('x', $str);
} catch (ValueError $e) {
$element->prepend('x', $fusion);
}

Resulted in this output:

/php-src/ext/dom/parentnode/tree.c:245:12: runtime error: member access within null pointer of type 'xmlNode' (aka 'struct _xmlNode')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/dom/parentnode/tree.c:245

To reproduce:

-d "memory_limit=-1"

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04
@DanielEScherzer
Copy link
Member

DanielEScherzer commented Sep 25, 2024
edited
Loading

Minimal reproduction:

<?php
$dom = new DOMDocument;
$element = $dom->appendChild($dom->createElement('root'));
$str = str_repeat('X', 2**31 + 10);
try {
    $element->append('x', $str);
} catch (ValueError $e) {
    $element->prepend('x', new DOMEntity());
}

@nielsdos
Copy link
Member

Very old bug, must've been here since the beginning that DOMParentNode was here.

nielsdos added a commit to nielsdos/php-src that referenced this issue Sep 25, 2024
@nielsdos
Fix phpGH-16039: Segmentation fault (access null pointer) in ext/dom/…
459592d 
…parentnode/tree.c

dom_object_get_node() can fail if we don't have a user object
associated.
@nielsdos nielsdos linked a pull request Sep 25, 2024 that will close this issue
Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c #16056
Closed
nielsdos added a commit to nielsdos/php-src that referenced this issue Sep 25, 2024
@nielsdos
Fix phpGH-16039: Segmentation fault (access null pointer) in ext/dom/…
555d240 
…parentnode/tree.c

dom_object_get_node() can fail if we don't have a user object
associated.

Closes phpGH-16056.
nielsdos added a commit that referenced this issue Sep 25, 2024
@nielsdos
Merge branch 'PHP-8.2' into PHP-8.3
68d494d 
* PHP-8.2:
  Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c
nielsdos added a commit that referenced this issue Sep 25, 2024
@nielsdos
Merge branch 'PHP-8.3' into PHP-8.4
9754674 
* PHP-8.3:
  Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c
nielsdos added a commit that referenced this issue Sep 25, 2024
@nielsdos
Merge branch 'PHP-8.4'
0d1d905 
* PHP-8.4:
  Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nielsdos nielsdos

Labels
Bug Extension: dom Status: Verified
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix GH-16039: Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c nielsdos/php-src
4 participants
@devnexen @nielsdos @YuanchengJiang @DanielEScherzer