When we decrement the refcount of a node's document, we state that we
won't need it anymore. Therefore we can *always* set the pointer to the
document to NULL, what avoids invalid memory accesses for some edge cases
as demonstrated with the PHPT.
Original patch provided by Sean Heelan.
. Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails
parsing). (derick)
+- DOM:
+ . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
+
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
--- /dev/null
+--TEST--
+Bug #66502 (DOM document dangling reference)
+--SKIPIF--
+<?php
+if (!extension_loaded('dom')) die('skip requires ext/dom');
+?>
+--FILE--
+<?php
+$dom = new DOMDocument('1.0', 'UTF-8');
+$element = $dom->appendChild(new DOMElement('root'));
+$comment = new DOMComment("Comment 0");
+$comment = $element->appendChild($comment);
+
+$comment->__construct("Comment 1");
+$comment->__construct("Comment 2");
+$comment->__construct("Comment 3");
+echo 'DONE', PHP_EOL;
+?>
+--EXPECT--
+DONE
\ No newline at end of file
efree(object->document->doc_props);
}
efree(object->document);
- object->document = NULL;
}
+ object->document = NULL;
}
return ret_refcount;
projects / php / commitdiff