- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
+- Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe)
- Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter).
(Felipe)
- Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string
static inline char * sxe_xmlNodeListGetString(xmlDocPtr doc, xmlNodePtr list, int inLine)
{
xmlChar *tmp = xmlNodeListGetString(doc, list, inLine);
- char *res = estrdup((char*)tmp);
-
- xmlFree(tmp);
+ char *res;
+
+ if (tmp) {
+ res = estrdup((char*)tmp);
+ xmlFree(tmp);
+ } else {
+ res = STR_EMPTY_ALLOC();
+ }
return res;
}
--- /dev/null
+--TEST--
+Bug #51615 (PHP crash with wrong HTML in SimpleXML)
+--SKIPIF--
+<?php if (!extension_loaded("simplexml")) print "skip"; ?>
+--FILE--
+<?php
+
+$dom = new DOMDocument;
+$dom->loadHTML('<span title=""y">x</span><span title=""z">x</span>');
+$html = simplexml_import_dom($dom);
+
+foreach ($html->body->span as $obj) {
+ var_dump((string)$obj->title);
+}
+
+?>
+--EXPECTF--
+Warning: DOMDocument::loadHTML(): error parsing attribute name in Entity, line: 1 in %s on line %d
+
+Warning: DOMDocument::loadHTML(): error parsing attribute name in Entity, line: 1 in %s on line %d
+string(0) ""
+string(0) ""
projects / php / commitdiff