Fixed bug #78577

[beberlei]

The nsparent should actually be the nodep already from the DOMElement#getAttributeNode() call.

Fixes https://bugs.php.net/bug.php?id=78577

[beberlei]

Related to https://bugs.php.net/bug.php?id=70359

[nikic]

There's some similar code doing nsparent = node->_private in xpath.c.

[beberlei]

@nikic You are right, multiple times actually. Going to try to get it to segfault as well using XPath in the test-case.

[beberlei]

Triggering the copy pasted code in xpath.c does not lead to a segfault, so I think that @cmb69 assertion on the linked ticket is right, that the culprit is the invalid cast in dom_get_dom1_attribute.

[robrichards]

@beberlei I sent you a patch to try as the type case in that method was intentional. It was used incorrectly tho in the dom_element_get_attribute_node method

[krakjoe]

Can we get a status update here please ?

[beberlei]

So I wrote with @robrichards on this, and incorporated parts of a patch that he sent me. One problem is still that the previous code using _private doesn't work even though an explicit cast ((xmlNsPtr)attr)->_private; addresses the problem that the field is in different order compared to xmlNodePtr.

So i kept my part of the patch that uses nodep instead of attrp->_private for the parent node, because they are the same by the nature of the current DOM operation.

[beberlei]

The fix is still not good, accessing $attr->parentNode will point to invalid memory when the parent node is removed from the DOM and garbage collected.

[github-actions]

There has not been any recent activity in this PR. It will automatically be closed in 7 days if no further action is taken.