Fixed bug #68740 (NULL Pointer Dereference)

(cherry picked from commit 124fb22a13fafa3648e4e15b4f207c7096d8155e)
author: Xinchen Hui <laruence@php.net> 2015-04-01 00:41:46 +0300
committer: Stanislav Malyshev <stas@php.net> 2015-04-05 22:48:10 -0700
commit: 9a404df382d041127eaa601b3113587df45d510d (patch)
tree: cfab64bcec93ed53b01b87067a50d8af155d0e20
parent: 5ae20c624781bdd39ba14b2f856234c168f7ea38 (diff)
download: php-git-9a404df382d041127eaa601b3113587df45d510d.tar.gz
2 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index f8f046c056..0a83818e2e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2015 PHP 5.4.40
 
+- Ereg:
+  . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
+
 - GD:
   . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
 
diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c
index f4bfc1c167..c2223d7dbe 100644
--- a/ext/ereg/regex/regcomp.c
+++ b/ext/ereg/regex/regcomp.c
@@ -1284,6 +1284,10 @@ int c;
 	register int ncols = (g->ncsets+(CHAR_BIT-1)) / CHAR_BIT;
 	register unsigned uc = (unsigned char)c;
 
+	if (!g->setbits) {
+		return(0);
+	}
+
 	for (i = 0, col = g->setbits; i < ncols; i++, col += g->csetsize)
 		if (col[uc] != 0)
 			return(1);
author	Xinchen Hui <laruence@php.net>	2015-04-01 00:41:46 +0300
committer	Stanislav Malyshev <stas@php.net>	2015-04-05 22:48:10 -0700
commit	9a404df382d041127eaa601b3113587df45d510d (patch)
tree	cfab64bcec93ed53b01b87067a50d8af155d0e20
parent	5ae20c624781bdd39ba14b2f856234c168f7ea38 (diff)
download	php-git-9a404df382d041127eaa601b3113587df45d510d.tar.gz