author | Dmitry Stogov <dmitry@zend.com> | 2014-05-13 12:14:55 +0400 |
---|---|---|
committer | Dmitry Stogov <dmitry@zend.com> | 2014-05-13 12:14:55 +0400 |
commit | 376ab3b7873ca04142185d8c08dbb4c4be152474 (patch) | |
tree | a8ca4db343bc4a8b75a53f7b1c92147cf7df15a7 /ext/pcre/php_pcre.c | |
parent | 88421c6a0482a28fc15fb5bd47657cbe7402b635 (diff) | |
download | php-git-376ab3b7873ca04142185d8c08dbb4c4be152474.tar.gz |
Nested PCRE calls may clobber extra->mark and it has to be reinitialized
This fixes invalid memory writes (detected with valgrind) in Zend/tests/closure_047.phpt and Zend/tests/closure_048.phpt.
Diffstat (limited to 'ext/pcre/php_pcre.c')
-rw-r--r-- | ext/pcre/php_pcre.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index 636bafae15..952dcb11bd 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -1058,10 +1058,6 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 }
 extra->match_limit = PCRE_G(backtrack_limit);
 extra->match_limit_recursion = PCRE_G(recursion_limit);
-#ifdef PCRE_EXTRA_MARK
- extra->mark = &mark;
- extra->flags |= PCRE_EXTRA_MARK;
-#endif
 eval = pce->preg_options & PREG_REPLACE_EVAL;
 if (is_callable_replace) {
@@ -1110,6 +1106,10 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 PCRE_G(error_code) = PHP_PCRE_NO_ERROR;
 while (1) {
+#ifdef PCRE_EXTRA_MARK
+ extra->mark = &mark;
+ extra->flags |= PCRE_EXTRA_MARK;
+#endif
 /* Execute the regular expression. */
 count = pcre_exec(pce->re, extra, subject, subject_len, start_offset, exoptions|g_notempty, offsets, size_offsets); |
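Review bot: The reset of `extra->mark` at the top of the `while (1)` loop in the second hunk looks loop-invariant and has no comment, so a later cleanup could hoist it back above the loop and reintroduce the invalid writes. A line such as `/* a nested PCRE call made from the callback may repoint extra->mark; reset it before every pcre_exec() */` would pin the reason. The assignment also leaves `extra->mark` pointing at `mark` after php_pcre_replace_impl returns. If `mark` is a local and `extra` is shared between calls, as the commit message implies, any pcre_exec() caller that skips this reset would write through a stale pointer, so the other call sites (not visible in this diff) are worth checking, or the pointer cleared on exit. The function body starts and ends outside both hunks.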