summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS9
-rw-r--r--ext/xml/compat.c8
-rw-r--r--ext/xml/tests/bug73135.phpt24
3 files changed, 35 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 8aeb463c9f..29b6cce2d0 100644
--- a/NEWS
+++ b/NEWS
@@ -2,12 +2,14 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 7.1
-
-10 Nov 2016, PHP 7.1.0RC6
-
- Calendar:
. Fix integer overflows (Joshua Rogers)
+- XML:
+ . Fixed bug #72135 (malformed XML causes fault) (edgarsandi)
+
+10 Nov 2016, PHP 7.1.0RC6
+
- Core:
. Fixded bug #72736 (Slow performance when fetching large dataset with mysqli
/ PDO). (Dmitry)
@@ -48,6 +50,7 @@ PHP NEWS
with PDORow). (Stas)
27 Oct 2016, PHP 7.1.0RC5
+=======
- Core:
. Fixed bug #73350 (Exception::__toString() cause circular references).
diff --git a/ext/xml/compat.c b/ext/xml/compat.c
index 3fc203ee23..d39afacc0b 100644
--- a/ext/xml/compat.c
+++ b/ext/xml/compat.c
@@ -593,10 +593,12 @@ has been defined and none can be detected */
}
#endif
+ if (parser->parser->lastError.level >= XML_ERR_WARNING) {
+ return 0;
+ }
+
error = xmlParseChunk(parser->parser, (char *) data, data_len, is_final);
- if (!error) {
- return 1;
- } else if (parser->parser->lastError.level > XML_ERR_WARNING ){
+ if (error) {
return 0;
} else {
return 1;
diff --git a/ext/xml/tests/bug73135.phpt b/ext/xml/tests/bug73135.phpt
new file mode 100644
index 0000000000..5fb43e91db
--- /dev/null
+++ b/ext/xml/tests/bug73135.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #73135 (xml_parse() segmentation fault)
+--CREDITS--
+edgarsandi - <edgar.r.sandi@gmail.com>
+--FILE--
+<?php
+ function start_elem($parser, $xml) {
+ xml_parse($parser, $xml);
+ }
+
+ $xml = <<<HERE
+ <a xmlns="ahihi">
+ <bar foo="ahihi"/>
+ </a>
+HERE;
+
+ $parser = xml_parser_create_ns();
+ xml_set_element_handler($parser, 'start_elem', 'ahihi');
+ xml_parse($parser, $xml);
+?>
+--EXPECTF--
+Warning: xml_parse(): Unable to call handler ahihi() in %s%ebug73135.php on line %d
+
+Warning: xml_parse(): Unable to call handler ahihi() in %s%ebug73135.php on line %d \ No newline at end of file
View Lorry Controller Status