Internet Bug Bounty: Double Free Corruption in wddx.c (extension)
There are a bug double free occur in wddxdeserialize, which trying to deserialize malicious xml input from user's request. The problem start here in : static void phpwddxpushelementvoid userdata, const XMLChar name, const XMLChar atts ...snip..... else if !strcmpchar name, ELBOOLEAN int i; if att...