Fixed bug #73532 (Null pointer dereference in mb_eregi)

3 files changed, 15 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 86d41c5656..84c4f8715f 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ PHP                                                                        NEWS
 - Date:
   . Fixed bug #69587 (DateInterval properties and isset). (jhdxr)
 
+- Mbstring:
+  . Fixed bug #73532 (Null pointer dereference in mb_eregi). (Laruence)
+
 - SQLite3:
   . Update to SQLite 3.15.1. (cmb)
 
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index a9e464fa64..cf341d3599 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -708,8 +708,10 @@ static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase)
 	string_len,
 	_php_mb_regex_mbctype2name(MBREX(current_mbctype))
 	)) {
-		zval_dtor(array);
-		array_init(array);
+		if (array != NULL) {
+			zval_dtor(array);
+			array_init(array);
+		}
 		RETURN_FALSE;
 	}
 
diff --git a/ext/mbstring/tests/bug73532.phpt b/ext/mbstring/tests/bug73532.phpt
new file mode 100644
index 0000000000..0bc838b075
--- /dev/null
+++ b/ext/mbstring/tests/bug73532.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Bug #73532 (Null pointer dereference in mb_eregi)
+--FILE--
+<?php
+var_dump(mb_eregi("a", "\xf5"));
+?>
+--EXPECTF--
+bool(false)