DOM\XMLDocument::createComment() triggers undefined behavior with null byte #18979

Closed
@bendrissou

Description

The following code:

<?php
$dom = DOM\XMLDocument::createEmpty();

function createContainer() {
    global $dom;
    $element = $dom->createElement("container");
    return $element;
}

$container = createContainer();
// The comment data begins with a null byte, written here as the escape \x00.
$container->append($dom->createComment("\x00 is -a- comment")); // contains null byte \x00
var_dump($container->innerHTML);
?>

Resulted in this output:

/home/program/ext/dom/xml_serializer.c:643:52: runtime error: addition of unsigned offset to 0x602000002b50 overflowed to 0x602000002b4f
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/program/ext/dom/xml_serializer.c:643:52 in 

But I expected this output instead:

string(22) "<!-- is -a- comment-->"

PHP Version

PHP 8.5.0-dev (cli) (built: Jun  4 2025 20:21:49) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.5.0-dev, Copyright (c) Zend Technologies

Operating System

Ubuntu 20.04
