diff options
author | Christoph M. Becker <cmb@php.net> | 2016-07-30 12:02:56 +0200 |
---|---|---|
committer | Christoph M. Becker <cmb@php.net> | 2016-07-30 12:04:12 +0200 |
commit | 9c2814313d26968bb3a53b3b1012ea6b2cfaa922 (patch) | |
tree | 56ab9f648df57b28d0ea3c7a5076c74bee0d6fd4 | |
parent | ca82574d7cefb05b15e13d0b91eb86b3dffa323f (diff) | |
parent | e5940aa7950effe1835e489024b840fb87f54a3c (diff) | |
download | php-git-9c2814313d26968bb3a53b3b1012ea6b2cfaa922.tar.gz |
Merge branch 'PHP-7.0' into PHP-7.1
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/mbstring/php_mbregex.c | 2 | ||||
-rw-r--r-- | ext/mbstring/tests/bug72710.phpt | 12 |
3 files changed, 15 insertions, 1 deletions
@@ -33,6 +33,8 @@ PHP NEWS zero-width). (cmb) . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position). (cmb) + . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error). + (ju1ius) - Mysqlnd: . Fixed bug #71863 (Segfault when EXPLAIN with "Unknown column" error when diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index fd103abf19..db37bd3739 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -454,7 +454,7 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen); if (!rc || rc->options != options || rc->enc != enc || rc->syntax != syntax) { if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) { - onig_error_code_to_str(err_str, err_code, err_info); + onig_error_code_to_str(err_str, err_code, &err_info); php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str); retval = NULL; goto out; diff --git a/ext/mbstring/tests/bug72710.phpt b/ext/mbstring/tests/bug72710.phpt new file mode 100644 index 0000000000..19becc5010 --- /dev/null +++ b/ext/mbstring/tests/bug72710.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error) +--SKIPIF-- +<?php +if (!extension_loaded('mbstring')) die('skip ext/mbstring required'); +?> +--FILE-- +<?php +mb_ereg('(?<0>a)', 'a'); +?> +--EXPECTF-- +Warning: mb_ereg(): mbregex compile err: invalid group name <0> in %s on line %d |