diff options
author | Xinchen Hui <laruence@php.net> | 2015-04-01 00:41:46 +0300 |
---|---|---|
committer | Stanislav Malyshev <stas@php.net> | 2015-04-05 22:48:10 -0700 |
commit | 9a404df382d041127eaa601b3113587df45d510d (patch) | |
tree | cfab64bcec93ed53b01b87067a50d8af155d0e20 | |
parent | 5ae20c624781bdd39ba14b2f856234c168f7ea38 (diff) | |
download | php-git-9a404df382d041127eaa601b3113587df45d510d.tar.gz |
Fixed bug #68740 (NULL Pointer Dereference)
(cherry picked from commit 124fb22a13fafa3648e4e15b4f207c7096d8155e)
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/ereg/regex/regcomp.c | 4 |
2 files changed, 7 insertions, 0 deletions
@@ -2,6 +2,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2015 PHP 5.4.40 +- Ereg: + . Fixed bug #68740 (NULL Pointer Dereference). (Laruence) + - GD: . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi) diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c index f4bfc1c167..c2223d7dbe 100644 --- a/ext/ereg/regex/regcomp.c +++ b/ext/ereg/regex/regcomp.c @@ -1284,6 +1284,10 @@ int c; register int ncols = (g->ncsets+(CHAR_BIT-1)) / CHAR_BIT; register unsigned uc = (unsigned char)c; + if (!g->setbits) { + return(0); + } + for (i = 0, col = g->setbits; i < ncols; i++, col += g->csetsize) if (col[uc] != 0) return(1); |