diff options
| -rw-r--r-- | ext/mbstring/php_mbregex.c | 20 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug72994.phpt | 2 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug77370.phpt | 2 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug77371.phpt | 2 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug77381.phpt | 8 | ||||
| -rw-r--r-- | ext/mbstring/tests/bug77418.phpt | 7 | ||||
| -rw-r--r-- | ext/mbstring/tests/mb_ereg_replace_variation1.phpt | 4 |
7 files changed, 28 insertions, 17 deletions
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index 2ff304f277..b05300628c 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -448,13 +448,18 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl OnigErrorInfo err_info; OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN]; + if (!php_mb_check_encoding(pattern, patlen, _php_mb_regex_mbctype2name(enc))) { + php_error_docref(NULL, E_WARNING, + "Pattern is not valid under %s encoding", _php_mb_regex_mbctype2name(enc)); + return NULL; + } + rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen); if (!rc || onig_get_options(rc) != options || onig_get_encoding(rc) != enc || onig_get_syntax(rc) != syntax) { if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) { onig_error_code_to_str(err_str, err_code, &err_info); php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str); - retval = NULL; - goto out; + return NULL; } if (rc == MBREX(search_re)) { /* reuse the new rc? see bug #72399 */ @@ -464,7 +469,6 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl } else { retval = rc; } -out: return retval; } /* }}} */ @@ -1107,6 +1111,11 @@ PHP_FUNCTION(mb_split) count--; } + if (!php_mb_check_encoding(string, string_len, + _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) { + RETURN_FALSE; + } + /* create regex pattern buffer */ if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, MBREX(regex_default_options), MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) { RETURN_FALSE; @@ -1196,6 +1205,11 @@ PHP_FUNCTION(mb_ereg_match) } } + if (!php_mb_check_encoding(string, string_len, + _php_mb_regex_mbctype2name(MBREX(current_mbctype)))) { + RETURN_FALSE; + } + if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), syntax)) == NULL) { RETURN_FALSE; } diff --git a/ext/mbstring/tests/bug72994.phpt b/ext/mbstring/tests/bug72994.phpt index 6eaebc1c67..d001fac679 100644 --- a/ext/mbstring/tests/bug72994.phpt +++ b/ext/mbstring/tests/bug72994.phpt @@ -14,6 +14,6 @@ var_dump($var1); --EXPECTF-- Notice: Undefined variable: var in %s on line %d -Warning: mbereg_replace(): mbregex compile err: invalid code point value in %sbug72994.php on line %d +Warning: mbereg_replace(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) ===DONE=== diff --git a/ext/mbstring/tests/bug77370.phpt b/ext/mbstring/tests/bug77370.phpt index 73f186bc90..d16fcd724d 100644 --- a/ext/mbstring/tests/bug77370.phpt +++ b/ext/mbstring/tests/bug77370.phpt @@ -7,5 +7,5 @@ Bug #77370 (Buffer overflow on mb regex functions - fetch_token) var_dump(mb_split(" \xfd","")); ?> --EXPECTF-- -Warning: mb_split(): mbregex compile err: invalid code point value in %sbug77370.php on line %d +Warning: mb_split(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) diff --git a/ext/mbstring/tests/bug77371.phpt b/ext/mbstring/tests/bug77371.phpt index 2ab04c04f6..25f5ac9aca 100644 --- a/ext/mbstring/tests/bug77371.phpt +++ b/ext/mbstring/tests/bug77371.phpt @@ -7,5 +7,5 @@ Bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) var_dump(mb_ereg("()0\xfc00000\xfc00000\xfc00000\xfc","")); ?> --EXPECTF-- -Warning: mb_ereg(): mbregex compile err: invalid code point value in %sbug77371.php on line %d +Warning: mb_ereg(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) diff --git a/ext/mbstring/tests/bug77381.phpt b/ext/mbstring/tests/bug77381.phpt index 3d6dd76a4a..9768cd34de 100644 --- a/ext/mbstring/tests/bug77381.phpt +++ b/ext/mbstring/tests/bug77381.phpt @@ -10,14 +10,14 @@ var_dump(mb_ereg("0000\\"."\xf5","0")); var_dump(mb_ereg("(?i)FFF00000000000000000\xfd","")); ?> --EXPECTF-- -Warning: mb_ereg(): mbregex compile err: invalid code point value in %sbug77381.php on line %d +Warning: mb_ereg(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) -Warning: mb_ereg(): mbregex compile err: invalid code point value in %sbug77381.php on line %d +Warning: mb_ereg(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) -Warning: mb_ereg(): mbregex compile err: invalid code point value in %sbug77381.php on line %d +Warning: mb_ereg(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) -Warning: mb_ereg(): mbregex compile err: invalid code point value in %sbug77381.php on line %d +Warning: mb_ereg(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) diff --git a/ext/mbstring/tests/bug77418.phpt b/ext/mbstring/tests/bug77418.phpt index b4acc45c21..32577bc98c 100644 --- a/ext/mbstring/tests/bug77418.phpt +++ b/ext/mbstring/tests/bug77418.phpt @@ -1,5 +1,5 @@ --TEST-- -Bug #77371 (Heap overflow in utf32be_mbc_to_code) +Bug #77418 (Heap overflow in utf32be_mbc_to_code) --SKIPIF-- <?php extension_loaded('mbstring') or die('skip mbstring not available'); ?> --FILE-- @@ -8,7 +8,4 @@ mb_regex_encoding("UTF-32"); var_dump(mb_split("\x00\x00\x00\x5c\x00\x00\x00B","000000000000000000000000000000")); ?> --EXPECT-- -array(1) { - [0]=> - string(30) "000000000000000000000000000000" -} +bool(false) diff --git a/ext/mbstring/tests/mb_ereg_replace_variation1.phpt b/ext/mbstring/tests/mb_ereg_replace_variation1.phpt index 6a1231bf8b..626e9a20e6 100644 --- a/ext/mbstring/tests/mb_ereg_replace_variation1.phpt +++ b/ext/mbstring/tests/mb_ereg_replace_variation1.phpt @@ -110,7 +110,7 @@ string(10) "string_val" -- Iteration 4 -- -Warning: mb_ereg_replace(): mbregex compile err: invalid code point value in %smb_ereg_replace_variation1.php on line %d +Warning: mb_ereg_replace(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) -- Iteration 5 -- @@ -118,7 +118,7 @@ string(10) "string_val" -- Iteration 6 -- -Warning: mb_ereg_replace(): mbregex compile err: invalid code point value in %smb_ereg_replace_variation1.php on line %d +Warning: mb_ereg_replace(): Pattern is not valid under UTF-8 encoding in %s on line %d bool(false) -- Iteration 7 -- |