From c891118ce98054233dd1b27ec61d74e3008ae710 Mon Sep 17 00:00:00 2001
From: Nuno Lopes <nlopess@php.net>
Date: Thu, 20 Sep 2007 22:30:49 +0000
Subject: [PATCH] MFB: fix crash in tidy_get_body() and related functions when
 the node doesnt exist

---
 ext/tidy/tests/029.phpt | 28 ++++++++++++++++++++++++++++
 ext/tidy/tidy.c         | 33 +++++++++++++++++++--------------
 2 files changed, 47 insertions(+), 14 deletions(-)
 create mode 100644 ext/tidy/tests/029.phpt

diff --git a/ext/tidy/tests/029.phpt b/ext/tidy/tests/029.phpt
new file mode 100644
index 0000000000..1709cd6f09
--- /dev/null
+++ b/ext/tidy/tests/029.phpt
@@ -0,0 +1,28 @@
+--TEST--
+tidy_get_body() crash
+--SKIPIF--
+<?php if (!extension_loaded('tidy')) die('skip'); ?>
+--FILE--
+<?php
+
+// bug report taken from http://news.php.net/php.notes/130628
+
+$inputs = array(
+	'<frameset > </frameset>',
+	'<html><frameset> </frameset> </html',
+);
+
+
+foreach ($inputs as $input) { 
+
+	$t = tidy_parse_string($input);
+	$t->cleanRepair();
+	var_dump(tidy_get_body($t));
+}
+
+echo "Done\n";
+?>
+--EXPECT--
+NULL
+NULL
+Done
diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
index a5fadf7680..a4d11f33c4 100644
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@@ -902,37 +902,42 @@ static void *php_tidy_get_opt_val(PHPTidyDoc *ptdoc, TidyOption opt, TidyOptionT
 	return NULL;
 }
 
-static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetypes node)
+static void php_tidy_create_node(INTERNAL_FUNCTION_PARAMETERS, tidy_base_nodetypes node_type)
 {
 	PHPTidyObj *newobj;
+	TidyNode node;
 	TIDY_FETCH_OBJECT;
 
-	tidy_instanciate(tidy_ce_node, return_value TSRMLS_CC);
-	newobj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC);
-	newobj->type = is_node;
-	newobj->ptdoc = obj->ptdoc;
-	newobj->ptdoc->ref_count++;
-	newobj->converter = obj->converter;
-	if (obj->converter) obj->converter->ref_count++;
-
-	switch(node) {
+	switch (node_type) {
 		case is_root_node:
-			newobj->node = tidyGetRoot(newobj->ptdoc->doc);
+			node = tidyGetRoot(obj->ptdoc->doc);
 			break;
 
 		case is_html_node:
-			newobj->node = tidyGetHtml(newobj->ptdoc->doc);
+			node = tidyGetHtml(obj->ptdoc->doc);
 			break;
 
 		case is_head_node:
-			newobj->node = tidyGetHead(newobj->ptdoc->doc);
+			node = tidyGetHead(obj->ptdoc->doc);
 			break;
 
 		case is_body_node:
-			newobj->node = tidyGetBody(newobj->ptdoc->doc);
+			node = tidyGetBody(obj->ptdoc->doc);
 			break;
 	}
 
+	if (!node) {
+		RETURN_NULL();
+	}
+
+	tidy_instanciate(tidy_ce_node, return_value TSRMLS_CC);
+	newobj = (PHPTidyObj *) zend_object_store_get_object(return_value TSRMLS_CC);
+	newobj->type = is_node;
+	newobj->ptdoc = obj->ptdoc;
+	newobj->ptdoc->ref_count++;
+	newobj->converter = obj->converter;
+	if (obj->converter) obj->converter->ref_count++;
+
 	tidy_add_default_properties(newobj, is_node TSRMLS_CC);
 }
 
-- 
2.50.1