tests bug38347.phpt

Antony Dovgal Sun, 06 Aug 2006 10:42:03 -0700

tony2001                Sun Aug  6 17:41:52 2006 UTC

  Added files:                 (Branch: PHP_5_2)
    /php-src/ext/simplexml/tests        bug38347.phpt


  Modified files:              
    /php-src    NEWS 
    /php-src/ext/libxml libxml.c 
    /php-src/ext/simplexml      simplexml.c 
  Log:
  MFH: fix #38347 (Segmentation fault when using foreach with an unknown/empty 
SimpleXMLElement)
  
  
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.183&r2=1.2027.2.547.2.184&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.183 php-src/NEWS:1.2027.2.547.2.184
--- php-src/NEWS:1.2027.2.547.2.183     Fri Aug  4 20:31:19 2006
+++ php-src/NEWS        Sun Aug  6 17:41:51 2006
@@ -30,6 +30,8 @@
 - Fixed phpinfo() cutoff of variables at \0. (Ilia)
 - Fixed a bug in the filter extension that prevented magic_quotes_gpc from
   being applied when RAW filter is used. (Ilia)
+- Fixed bug #38347 (Segmentation fault when using foreach with an 
unknown/empty 
+  SimpleXMLElement). (Tony)
 - Fixed bug #38322 (reading past array in sscanf() leads to arbitary code 
   execution). (Tony)
 - Fixed bug #38303 (spl_autoload_register() supress all errors silently).
http://cvs.php.net/viewvc.cgi/php-src/ext/libxml/libxml.c?r1=1.32.2.7.2.5&r2=1.32.2.7.2.6&diff_format=u
Index: php-src/ext/libxml/libxml.c
diff -u php-src/ext/libxml/libxml.c:1.32.2.7.2.5 
php-src/ext/libxml/libxml.c:1.32.2.7.2.6
--- php-src/ext/libxml/libxml.c:1.32.2.7.2.5    Tue Jul  4 07:26:53 2006
+++ php-src/ext/libxml/libxml.c Sun Aug  6 17:41:51 2006
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: libxml.c,v 1.32.2.7.2.5 2006/07/04 07:26:53 dmitry Exp $ */
+/* $Id: libxml.c,v 1.32.2.7.2.6 2006/08/06 17:41:51 tony2001 Exp $ */
 
 #define IS_EXT_MODULE
 
@@ -966,8 +966,8 @@
                                efree(object->document->doc_props);
                        }
                        efree(object->document);
+                       object->document = NULL;
                }
-               object->document = NULL;
        }
 
        return ret_refcount;
@@ -1025,6 +1025,8 @@
                                obj_node->_private = NULL;
                        }
                }
+       }
+       if (object != NULL && object->document != NULL) {
                /* Safe to call as if the resource were freed then doc pointer 
is NULL */
                php_libxml_decrement_doc_ref(object TSRMLS_CC);
        }
http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/simplexml.c?r1=1.151.2.22.2.9&r2=1.151.2.22.2.10&diff_format=u
Index: php-src/ext/simplexml/simplexml.c
diff -u php-src/ext/simplexml/simplexml.c:1.151.2.22.2.9 
php-src/ext/simplexml/simplexml.c:1.151.2.22.2.10
--- php-src/ext/simplexml/simplexml.c:1.151.2.22.2.9    Sun Aug  6 13:27:46 2006
+++ php-src/ext/simplexml/simplexml.c   Sun Aug  6 17:41:51 2006
@@ -18,7 +18,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: simplexml.c,v 1.151.2.22.2.9 2006/08/06 13:27:46 tony2001 Exp $ */
+/* $Id: simplexml.c,v 1.151.2.22.2.10 2006/08/06 17:41:51 tony2001 Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -195,6 +195,9 @@
 
        if (sxe->iter.type == SXE_ITER_ELEMENT) {
                orgnode = sxe_find_element_by_name(sxe, node, sxe->iter.name 
TSRMLS_CC);
+               if (!orgnode) {
+                       return NULL;
+               }
                node = orgnode->children;
        }
 
@@ -2310,7 +2313,7 @@
 {
        php_info_print_table_start();
        php_info_print_table_header(2, "Simplexml support", "enabled");
-       php_info_print_table_row(2, "Revision", "$Revision: 1.151.2.22.2.9 $");
+       php_info_print_table_row(2, "Revision", "$Revision: 1.151.2.22.2.10 $");
        php_info_print_table_row(2, "Schema support",
 #ifdef LIBXML_SCHEMAS_ENABLED
                "enabled");

http://cvs.php.net/viewvc.cgi/php-src/ext/simplexml/tests/bug38347.phpt?view=markup&rev=1.1
Index: php-src/ext/simplexml/tests/bug38347.phpt
+++ php-src/ext/simplexml/tests/bug38347.phpt
--TEST--
Bug #38347 (Segmentation fault when using foreach with an unknown/empty 
SimpleXMLElement)
--SKIPIF--
<?php if (!extension_loaded("simplexml")) print "skip"; ?>
--FILE--
<?php

function iterate($xml)
{
    print_r($xml);
    foreach ($xml->item as $item) {
        echo "This code will crash!";
    }
}

$xmlstr = "<xml><item>Item 1</item><item>Item 2</item></xml>";
$xml = simplexml_load_string($xmlstr);
iterate($xml->unknown);

echo "Done\n";
?>
--EXPECTF--     
SimpleXMLElement Object
(
)

Warning: iterate(): Node no longer exists in %s on line %d
Done
--UEXPECTF--
SimpleXMLElement Object
(
)

Warning: iterate(): Node no longer exists in %s on line %d
Done

-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src(PHP_5_2) / NEWS /ext/libxml libxml.c /ext/simplexml simplexml.c /ext/simplexml/tests bug38347.phpt

Reply via email to