diff options
author | Antony Dovgal <tony2001@php.net> | 2006-10-11 11:09:42 +0000 |
---|---|---|
committer | Antony Dovgal <tony2001@php.net> | 2006-10-11 11:09:42 +0000 |
commit | a81eae5d01da00878396798e396c4f0828e29ba8 (patch) | |
tree | c7629a005730d7e4a9bc45eb603642282975555e | |
parent | 9f5de3bb5cb94bba8e7c7ef25455af2b16784433 (diff) | |
download | php-git-a81eae5d01da00878396798e396c4f0828e29ba8.tar.gz |
MFH: fix segfault/leak, add test
-rw-r--r-- | ext/mbstring/php_mbregex.c | 20 | ||||
-rw-r--r-- | ext/mbstring/tests/mb_ereg1.phpt | 79 |
2 files changed, 86 insertions, 13 deletions
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index e10802be9f..4c381c3755 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -518,7 +518,7 @@ PHP_FUNCTION(mb_regex_encoding) static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase) { zval tmp; - zval *arg_pattern, *array; + zval **arg_pattern, *array; char *string; int string_len; php_mb_regex_t *re; @@ -529,7 +529,7 @@ static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase) array = NULL; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|z", &arg_pattern, &string, &string_len, &array) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zs|z", &arg_pattern, &string, &string_len, &array) == FAILURE) { RETURN_FALSE; } @@ -539,18 +539,15 @@ static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase) } /* compile the regular expression from the supplied regex */ - if (Z_TYPE_P(arg_pattern) != IS_STRING) { + if (Z_TYPE_PP(arg_pattern) != IS_STRING) { /* we convert numbers to integers and treat them as a string */ - tmp = *arg_pattern; - zval_copy_ctor(&tmp); - if (Z_TYPE_P(&tmp) == IS_DOUBLE) { - convert_to_long(&tmp); /* get rid of decimal places */ + if (Z_TYPE_PP(arg_pattern) == IS_DOUBLE) { + convert_to_long_ex(arg_pattern); /* get rid of decimal places */ } - convert_to_string(&tmp); - arg_pattern = &tmp; + convert_to_string_ex(arg_pattern); /* don't bother doing an extended regex with just a number */ } - re = php_mbregex_compile_pattern(Z_STRVAL_P(arg_pattern), Z_STRLEN_P(arg_pattern), options, MBSTRG(current_mbctype), MBSTRG(regex_default_syntax) TSRMLS_CC); + re = php_mbregex_compile_pattern(Z_STRVAL_PP(arg_pattern), Z_STRLEN_PP(arg_pattern), options, MBSTRG(current_mbctype), MBSTRG(regex_default_syntax) TSRMLS_CC); if (re == NULL) { RETVAL_FALSE; goto out; @@ -590,9 +587,6 @@ out: if (regs != NULL) { onig_region_free(regs, 1); } - if (arg_pattern == &tmp) { - zval_dtor(&tmp); - } } /* }}} */ diff --git a/ext/mbstring/tests/mb_ereg1.phpt b/ext/mbstring/tests/mb_ereg1.phpt new file mode 100644 index 0000000000..e420312da1 --- /dev/null +++ b/ext/mbstring/tests/mb_ereg1.phpt @@ -0,0 +1,79 @@ +--TEST-- +mb_ereg() and invalid arguments +--SKIPIF-- +<?php if (!function_exists("mb_ereg")) print "skip"; ?> +--FILE-- +<?php + +$a = array( + array(1,2,3), + array("", "", ""), + array(array(), 1, ""), + array(1, array(), ""), + array(1, "", array()), + ); + +foreach ($a as $args) { + var_dump(mb_ereg($args[0], $args[1], $args[2])); + var_dump($args); +} + +echo "Done\n"; +?> +--EXPECTF-- +bool(false) +array(3) { + [0]=> + int(1) + [1]=> + int(2) + [2]=> + int(3) +} +int(1) +array(3) { + [0]=> + string(0) "" + [1]=> + string(0) "" + [2]=> + array(1) { + [0]=> + bool(false) + } +} + +Notice: Array to string conversion in %s on line %d +bool(false) +array(3) { + [0]=> + array(0) { + } + [1]=> + int(1) + [2]=> + string(0) "" +} + +Warning: mb_ereg() expects parameter 2 to be string, array given in %s on line %d +bool(false) +array(3) { + [0]=> + int(1) + [1]=> + array(0) { + } + [2]=> + string(0) "" +} +bool(false) +array(3) { + [0]=> + int(1) + [1]=> + string(0) "" + [2]=> + array(0) { + } +} +Done |