From 392ad206a4f63fedf61d8086e390c73de8b72767 Mon Sep 17 00:00:00 2001
From: Nikita Popov
Date: Wed, 29 Jan 2020 12:49:28 +0100
Subject: Fix use of mb_ereg_search_getregs() after invalid pattern

This segfaulted because we assumed that if there are matches, there must be a regular expression as well.
---
 ext/mbstring/php_mbregex.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'ext/mbstring/php_mbregex.c')

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 47dd41ba05..aa1eec1686 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -1426,6 +1426,11 @@ _php_mb_regex_ereg_search_exec(INTERNAL_FUNCTION_PARAMETERS, int mode)
 _php_mb_regex_init_options(arg_options, arg_options_len, &option, &syntax, NULL);
 }
 
+ if (MBREX(search_regs)) {
+ onig_region_free(MBREX(search_regs), 1);
+ MBREX(search_regs) = NULL;
+ }
+
 if (arg_pattern) {
 /* create regex pattern buffer */
 if ((MBREX(search_re) = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) {
@@ -1451,9 +1456,6 @@ _php_mb_regex_ereg_search_exec(INTERNAL_FUNCTION_PARAMETERS, int mode)
 RETURN_FALSE;
 }
 
- if (MBREX(search_regs)) {
- onig_region_free(MBREX(search_regs), 1);
- }
 MBREX(search_regs) = onig_region_new();
 
 err = _php_mb_onig_search(MBREX(search_re), str, str + len, str + pos, str + len, MBREX(search_regs), 0);
-- 
cgit v1.2.1
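Review bot: The relocated `if (MBREX(search_regs))` block in the first hunk relies on an invariant that is not written down next to it: match registers must never outlive the regex that produced them, which is why they are released before `php_mbregex_compile_pattern()` can fail and leave `MBREX(search_re)` NULL. A comment such as `/* Release stale match registers up front: a failed compile below must not leave regs behind without a regex */` would keep a later cleanup from moving the free back beside `onig_region_new()`, where the second hunk removed it. The code that reads these registers is outside this diff; if it dereferences `MBREX(search_re)` whenever registers are set, as the commit message suggests, a NULL check there would stop the crash from returning through another path. The body of `_php_mb_regex_ereg_search_exec` starts and ends outside both hunks.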