| author | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-07 12:30:43 +0200 |
|---|---|---|
| committer | Nikita Popov <nikita.ppv@gmail.com> | 2020-09-07 12:30:43 +0200 |
| commit | f4b2497ad8c366d276689dd1c7e3a84c33c11d9b (patch) | |
| tree | 91f657c480f18197c292739e78fb5a34e53bc742 /ext/pcre/tests | |
| parent | 9475bcbef77c5e87d0381943ab0194f720b1323c (diff) | |
| download | php-git-f4b2497ad8c366d276689dd1c7e3a84c33c11d9b.tar.gz | |
Allocate temporary PCRE match data using ZMM
Create a separate general context that uses ZMM as allocator and
use it to allocate temporary PCRE match data (there is still one
global match data). There is no requirement that the match data
and the compiled regex / match context use the same general context.
This makes sure that we do not leak persistent memory on bailout
and fixes oss-fuzz #25296, on which half the libfuzzer runs
currently get stuck.
Diffstat (limited to 'ext/pcre/tests')
| -rw-r--r-- | ext/pcre/tests/preg_replace_callback_fatal_error_leak.phpt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ext/pcre/tests/preg_replace_callback_fatal_error_leak.phpt b/ext/pcre/tests/preg_replace_callback_fatal_error_leak.phpt new file mode 100644 index 0000000000..5ea3d4081e --- /dev/null +++ b/ext/pcre/tests/preg_replace_callback_fatal_error_leak.phpt @@ -0,0 +1,18 @@ +--TEST-- +preg_replace_callback() should not leak persistent memory on fatal error +--FILE-- +<?php + +function test() {} + +preg_replace_callback('/a/', function($matches) { + preg_replace_callback('/x/', function($matches) { + function test() {} // Trigger a fatal error. + return 'y'; + }, 'x'); + return 'b'; +}, 'a'); + +?> +--EXPECTF-- +Fatal error: Cannot redeclare test() (previously declared in %s on line %d |
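Review bot: The `--EXPECTF--` section of the new `preg_replace_callback_fatal_error_leak.phpt` asserts only the "Cannot redeclare test()" fatal error, so nothing in the test itself observes the leak named in its `--TEST--` title; as far as these lines show, it would produce the same output with or without the allocator change and only fails under an external memory checker. Consider adding a short comment in the `--FILE--` block saying that the regression is visible only when the suite runs under a leak-detecting build or tool, so a later reader does not take a green run on a plain build as evidence that the bailout path is clean. Separately, the expectation opens a parenthesis at `(previously declared in` and never closes it, relying on `%s` to absorb the rest of the location text; spelling the pattern out as `(previously declared in %s:%d) in %s on line %d` would make the match stricter and easier to read.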
