--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php/php56/patches/CVE-2015-6837_CVE-2015-6838.patch Thu Nov 19 22:52:15 2015 -0800
@@ -0,0 +1,35 @@
+# Source: upstream
+# https://bugs.php.net/bug.php?id=69782
+# Official fix: https://github.com/php/php-src/commit/1744be2d17befc69bf00033993f4081852a747d6.patch
+# Clean patch: http://pastie.org/private/puvwu1gtr4qkextmrqmkmq
+# Patch adapted/regenerated.
+
+--- xsltprocessor.c.orig 2015-09-09 14:59:20.354579467 -0700
++++ php-5.6.8/ext/xsl/xsltprocessor.c 2015-09-09 15:01:03.737672429 -0700
+@@ -223,7 +223,10 @@
+ if (error == 1) {
+ for (i = nargs - 1; i >= 0; i--) {
+ obj = valuePop(ctxt);
+- xmlXPathFreeObject(obj);
++
++ if (obj) {
++ xmlXPathFreeObject(obj);
++ }
+ }
+ return;
+ }
+@@ -302,9 +305,11 @@
+ fci.function_table = EG(function_table);
+
+ obj = valuePop(ctxt);
+- if (obj->stringval == NULL) {
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
+- xmlXPathFreeObject(obj);
++ if (obj == NULL || obj->stringval == NULL) {
++ if (obj && obj->stringval == NULL) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Handler name must be a string");
++ xmlXPathFreeObject(obj);
++ }
+ valuePush(ctxt, xmlXPathNewString(""));
+ if (fci.param_count > 0) {
+ for (i = 0; i < nargs - 1; i++) {