Patch for 73293

73293.diff

commit 96a8cf8e1b5dc1b0c708bb5574e0d6727cc56d9e
Author: Stanislav Malyshev <stas@php.net>
Date:   Tue Oct 11 13:30:52 2016 -0700

    Fix bug #73293 - NULL pointer dereference in SimpleXMLElement::asXML()

diff --git a/Zend/zend_API.h b/Zend/zend_API.h
index c57c003..dadeaf5 100644
--- a/Zend/zend_API.h
+++ b/Zend/zend_API.h
@@ -665,7 +665,7 @@ END_EXTERN_C()
 		}									\
 		RETURN_FALSE;						\
 	}										\
-	RETVAL_STRINGL((s), __len, (dup)); \
+	RETVAL_STRINGL((s), (int)__len, (dup)); \
 } while (0)
 
 
diff --git a/ext/simplexml/simplexml.c b/ext/simplexml/simplexml.c
index 07fc654..d7077fc 100644
--- a/ext/simplexml/simplexml.c
+++ b/ext/simplexml/simplexml.c
@@ -1412,9 +1412,15 @@ SXE_METHOD(asXML)
 	if (node) {
 		if (node->parent && (XML_DOCUMENT_NODE == node->parent->type)) {
 			xmlDocDumpMemoryEnc((xmlDocPtr) sxe->document->ptr, &strval, &strval_len, ((xmlDocPtr) sxe->document->ptr)->encoding);
+			if (!strval) {
+				RETVAL_FALSE;
+			} else {
 				RETVAL_STRINGL((char *)strval, strval_len, 1);
+			}
 			xmlFree(strval);
 		} else {
+			char *return_content;
+			size_t return_len;
 			/* Should we be passing encoding information instead of NULL? */
 			outbuf = xmlAllocOutputBuffer(NULL);
 
@@ -1425,10 +1431,17 @@ SXE_METHOD(asXML)
 			xmlNodeDumpOutput(outbuf, (xmlDocPtr) sxe->document->ptr, node, 0, 0, ((xmlDocPtr) sxe->document->ptr)->encoding);
 			xmlOutputBufferFlush(outbuf);
 #ifdef LIBXML2_NEW_BUFFER
-			RETVAL_STRINGL((char *)xmlOutputBufferGetContent(outbuf), xmlOutputBufferGetSize(outbuf), 1);
+			return_content = (char *)xmlOutputBufferGetContent(outbuf);
+			return_len = xmlOutputBufferGetSize(outbuf);
 #else
-			RETVAL_STRINGL((char *)outbuf->buffer->content, outbuf->buffer->use, 1);
+			return_content = (char *)outbuf->buffer->content;
+			return_len = outbuf->buffer->use;
 #endif
+			if (!return_content) {
+				RETVAL_FALSE;
+			} else {
+				RETVAL_STRINGL_CHECK(return_content, return_len, 1);
+			}
 			xmlOutputBufferClose(outbuf);
 		}
 	} else {