diff options
| author | Stanislav Malyshev <stas@php.net> | 2016-02-14 23:35:29 -0800 |
|---|---|---|
| committer | Stanislav Malyshev <stas@php.net> | 2016-02-15 00:08:18 -0800 |
| commit | c11b23c46577e30e1e0a7c0abfb4c7ea735c34e1 (patch) | |
| tree | 63b01f0a51415c7cf71d3eeb130bfa1d0e07777a | |
| parent | a3927fa7f5ed2d4c398cbf5c6ae1157ec26d94b9 (diff) | |
| download | php-git-c11b23c46577e30e1e0a7c0abfb4c7ea735c34e1.tar.gz | |
Fix bug #71540 - NULL pointer dereference in xsl_ext_function_php()
| -rw-r--r-- | NEWS | 4 | ||||
| -rw-r--r-- | ext/xsl/tests/bug71540.phpt | 67 | ||||
| -rw-r--r-- | ext/xsl/xsltprocessor.c | 4 |
3 files changed, 75 insertions, 0 deletions
@@ -31,6 +31,10 @@ PHP NEWS - Standard: . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) +- XSL: + . Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()). + (Stas) + - Zip: . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence) diff --git a/ext/xsl/tests/bug71540.phpt b/ext/xsl/tests/bug71540.phpt new file mode 100644 index 0000000000..e93fb0e125 --- /dev/null +++ b/ext/xsl/tests/bug71540.phpt @@ -0,0 +1,67 @@ +--TEST-- +Bug #71540 (NULL pointer dereference in xsl_ext_function_php()) +--SKIPIF-- +<?php +if (!extension_loaded('xsl')) die("skip Extension XSL is required\n"); +?> +--FILE-- +<?php +$xml = <<<EOB +<allusers> + <user> + <uid>bob</uid> + </user> +</allusers> +EOB; +$xsl = <<<EOB +<?xml version="1.0" encoding="UTF-8"?> +<xsl:stylesheet version="1.0" + xmlns:xsl="http://www.w3.org/1999/XSL/Transform" + xmlns:php="http://php.net/xsl"> +<xsl:output method="html" encoding="utf-8" indent="yes"/> + <xsl:template match="allusers"> + <html><body> + <h2>Users</h2> + <table> + <xsl:for-each select="user"> + <tr><td> + <xsl:value-of + select="php:function('test',uid,test(test))"/> + </td></tr> + </xsl:for-each> + </table> + </body></html> + </xsl:template> +</xsl:stylesheet> +EOB; + +$xmldoc = new DOMDocument(); +$xmldoc->loadXML($xml); +$xsldoc = new DOMDocument(); +$xsldoc->loadXML($xsl); + +$proc = new XSLTProcessor(); +$proc->registerPHPFunctions(); +$proc->importStyleSheet($xsldoc); +echo $proc->transformToXML($xmldoc); +?> +DONE +--EXPECTF-- +Warning: XSLTProcessor::transformToXml(): xmlXPathCompOpEval: function test not found in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): Unregistered function in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): Stack usage errror in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): Stack usage errror in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): xmlXPathCompiledEval: 2 objects left on the stack. in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): runtime error: file %s line 13 element value-of in %sbug71540.php on line %d + +Warning: XSLTProcessor::transformToXml(): XPath evaluation returned no result. in %sbug71540.php on line %d +<html xmlns:php="http://php.net/xsl"><body> +<h2>Users</h2> +<table><tr><td></td></tr></table> +</body></html> +DONE
\ No newline at end of file diff --git a/ext/xsl/xsltprocessor.c b/ext/xsl/xsltprocessor.c index 691c78c470..5d34651930 100644 --- a/ext/xsl/xsltprocessor.c +++ b/ext/xsl/xsltprocessor.c @@ -239,6 +239,10 @@ static void xsl_ext_function_php(xmlXPathParserContextPtr ctxt, int nargs, int t for (i = nargs - 2; i >= 0; i--) { obj = valuePop(ctxt); MAKE_STD_ZVAL(args[i]); + if (obj == NULL) { + ZVAL_NULL(args[i]); + continue; + } switch (obj->type) { case XPATH_STRING: ZVAL_STRING(args[i], obj->stringval, 1); |