fix bug #54682 (tidy null pointer dereference)

1 files changed, 6 insertions, 2 deletions

diff --git a/ext/tidy/tidy.c b/ext/tidy/tidy.c
index 55c33825d4..5ac1a69196 100644
--- a/ext/tidy/tidy.c
+++ b/ext/tidy/tidy.c
@@ -191,6 +191,7 @@ struct _PHPTidyDoc {
 	TidyDoc			doc;
 	TidyBuffer		*errbuf;
 	unsigned int	ref_count;
+	unsigned int    initialized:1;
 };
 
 struct _PHPTidyObj {
@@ -688,6 +689,7 @@ static void tidy_object_new(zend_class_entry *class_type, zend_object_handlers *
 			intern->ptdoc = emalloc(sizeof(PHPTidyDoc));
 			intern->ptdoc->doc = tidyCreate();
 			intern->ptdoc->ref_count = 1;
+			intern->ptdoc->initialized = 0;
 			intern->ptdoc->errbuf = emalloc(sizeof(TidyBuffer));
 			tidyBufInit(intern->ptdoc->errbuf);
 
@@ -1047,7 +1049,9 @@ static int php_tidy_parse_string(PHPTidyObj *obj, char *string, int len, char *e
 			return FAILURE;
 		}
 	}
-	
+
+	obj->ptdoc->initialized = 1;
+
 	tidyBufInit(&buf);
 	tidyBufAttach(&buf, (byte *) string, len);
 	if (tidyParseBuffer(obj->ptdoc->doc, &buf) < 0) {
@@ -1336,7 +1340,7 @@ static PHP_FUNCTION(tidy_diagnose)
 {
 	TIDY_FETCH_OBJECT;
 
-	if (tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
+	if (obj->ptdoc->initialized && tidyRunDiagnostics(obj->ptdoc->doc) >= 0) {
 		tidy_doc_update_properties(obj TSRMLS_CC);
 		RETURN_TRUE;
 	}