From: Nuno Lopes <nlopess@php.net>
Date: Thu, 20 Sep 2007 22:25:06 +0000 (+0000)
Subject: fix crash when fetching a node type that doesnt exist
X-Git-Tag: php-5.2.5RC1~115
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa0efe45e0540c756c7f5f16e724f65313fbec2e;p=php

fix crash when fetching a node type that doesnt exist
# reported in a manual user note
---

diff --git a/ext/tidy/tests/029.phpt b/ext/tidy/tests/029.phpt
new file mode 100644
index 0000000000..1709cd6f09
--- /dev/null
+++ b/ext/tidy/tests/029.phpt
@@ -0,0 +1,28 @@
+--TEST--
+tidy_get_body() crash
+--SKIPIF--
+<?php if (!extension_loaded('tidy')) die('skip'); ?>
+--FILE--
+<?php
+
+// bug report taken from http://news.php.net/php.notes/130628
+
+$inputs = array(
+	'<frameset > </frameset>',
+	'<html><frameset> </frameset> </html',
+);
+
+
+foreach ($inputs as $input) { 
+
+	$t = tidy_parse_string($input);
+	$t->cleanRepair();
+	var_dump(tidy_get_body($t));
+}
+
+echo "Done\n";
+?>
+--EXPECT--
+NULL
+NULL
+Done
diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
index ffed15523d..cb2525ce0e 100644
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@@ -870,35 +870,41 @@ static void *php_tidy_get_opt_val(PHPTidyDoc *ptdoc, TidyOption opt, TidyOptionT
 	return NULL;
 }
 
-static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetypes node)
+static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetypes node_type)
 {
 	PHPTidyObj *newobj;
+	TidyNode node;
 	TIDY_FETCH_OBJECT;
 
-	tidy_instanciate(tidy_ce_node, return_value TSRMLS_CC);
-	newobj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC);
-	newobj->type = is_node;
-	newobj->ptdoc = obj->ptdoc;
-	newobj->ptdoc->ref_count++;
-
-	switch(node) {
+	switch (node_type) {
 		case is_root_node:
-			newobj->node = tidyGetRoot(newobj->ptdoc->doc);
+			node = tidyGetRoot(obj->ptdoc->doc);
 			break;
 
 		case is_html_node:
-			newobj->node = tidyGetHtml(newobj->ptdoc->doc);
+			node = tidyGetHtml(obj->ptdoc->doc);
 			break;
 
 		case is_head_node:
-			newobj->node = tidyGetHead(newobj->ptdoc->doc);
+			node = tidyGetHead(obj->ptdoc->doc);
 			break;
 
 		case is_body_node:
-			newobj->node = tidyGetBody(newobj->ptdoc->doc);
+			node = tidyGetBody(obj->ptdoc->doc);
 			break;
 	}
 
+	if (!node) {
+		RETURN_NULL();
+	}
+
+	tidy_instanciate(tidy_ce_node, return_value TSRMLS_CC);
+	newobj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC);
+	newobj->type  = is_node;
+	newobj->ptdoc = obj->ptdoc;
+	newobj->node  = node;
+	newobj->ptdoc->ref_count++;
+
 	tidy_add_default_properties(newobj, is_node TSRMLS_CC);
 }