diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2021-03-15 10:26:50 +0100 | 
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2021-03-17 12:37:18 +0100 | 
| commit | a08847ab39bb512d500cf196981a3e8780c83600 (patch) | |
| tree | 70219b3bf0b7f8f0b90d7fcc8846d7bd174cf258 /ext/intl/msgformat/msgformat_format.c | |
| parent | 4adc08a403fe6784af0ca91c7743c3b5c44763a4 (diff) | |
| download | php-git-a08847ab39bb512d500cf196981a3e8780c83600.tar.gz | |
Fix #66783: UAF when appending DOMDocument to element
According to the DOM standard, elements may only contain element, text,
processing instruction and comment nodes[1].  It is also specified that
a HierarchyRequestError should be thrown if a document is to be
inserted[2].  We follow that standard, and prevent the use-after-free
this way.
[1] <https://dom.spec.whatwg.org/#node-trees>
[2] <https://dom.spec.whatwg.org/#mutation-algorithms>
Closes GH-6765.
Diffstat (limited to 'ext/intl/msgformat/msgformat_format.c')
0 files changed, 0 insertions, 0 deletions
