From 40fe50daf6069f73d0be43d8fcd7d5953053c10d Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Mon, 11 Feb 2019 12:10:40 +0100
Subject: Validate pattern against mbregex encoding

Oniguruma does not consistently perform this validation itself (at least
on older versions), so make sure we check pattern encoding validity on the
PHP side.
---
 ext/mbstring/php_mbregex.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'ext/mbstring/php_mbregex.c')

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 5b40661b09..ab4fe38df2 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -451,13 +451,18 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
 	OnigErrorInfo err_info;
 	OnigUChar err_str[ONIG_MAX_ERROR_MESSAGE_LEN];
 
+	if (!php_mb_check_encoding(pattern, patlen, _php_mb_regex_mbctype2name(enc))) {
+		php_error_docref(NULL, E_WARNING,
+			"Pattern is not valid under %s encoding", _php_mb_regex_mbctype2name(enc));
+		return NULL;
+	}
+
 	rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen);
 	if (!rc || onig_get_options(rc) != options || onig_get_encoding(rc) != enc || onig_get_syntax(rc) != syntax) {
 		if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) {
 			onig_error_code_to_str(err_str, err_code, &err_info);
 			php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str);
-			retval = NULL;
-			goto out;
+			return NULL;
 		}
 		if (rc == MBREX(search_re)) {
 			/* reuse the new rc? see bug #72399 */
@@ -467,7 +472,6 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
 	} else {
 		retval = rc;
 	}
-out:
 	return retval;
 }
 /* }}} */
-- 
cgit v1.2.1