From 376ab3b7873ca04142185d8c08dbb4c4be152474 Mon Sep 17 00:00:00 2001
From: Dmitry Stogov
Date: Tue, 13 May 2014 12:14:55 +0400
Subject: Nested PCRE calls may clobber extra->mark and it has to be reinitailized
This fixes invalid memory writes (detected with valgrind) in Zend/tests/closure_047.phpt and Zend/tests/closure_048.phpt.
---
 ext/pcre/php_pcre.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 (limited to 'ext/pcre/php_pcre.c')
diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index 636bafae15..952dcb11bd 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -1058,10 +1058,6 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 }
 extra->match_limit = PCRE_G(backtrack_limit);
 extra->match_limit_recursion = PCRE_G(recursion_limit);
-#ifdef PCRE_EXTRA_MARK
- extra->mark = &mark;
- extra->flags |= PCRE_EXTRA_MARK;
-#endif
 eval = pce->preg_options & PREG_REPLACE_EVAL;
 if (is_callable_replace) {
@@ -1110,6 +1106,10 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 PCRE_G(error_code) = PHP_PCRE_NO_ERROR;
 while (1) {
+#ifdef PCRE_EXTRA_MARK
+ extra->mark = &mark;
+ extra->flags |= PCRE_EXTRA_MARK;
+#endif
 /* Execute the regular expression. */
 count = pcre_exec(pce->re, extra, subject, subject_len, start_offset, exoptions|g_notempty, offsets, size_offsets);
-- cgit v1.2.1
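Review bot: The re-initialisation added at the top of `while (1)` in the second hunk carries no comment saying why it must run on every iteration, so it reads as loop-invariant work that a later cleanup could hoist back out, undoing this fix. I would put above the `#ifdef`: `/* nested PCRE calls may overwrite extra->mark; point it at our local before every pcre_exec() */`. Judging by the commit message, `extra` is shared beyond this call, so after the function returns it presumably still has `PCRE_EXTRA_MARK` set and holds the address of a dead stack slot. Any other `pcre_exec()` caller that reuses that `extra` without resetting `mark` would then write through the stale pointer, so those call sites are worth checking, and clearing `extra->mark` and the flag on exit would be the safer pattern. The body of `php_pcre_replace_impl` starts and ends outside the hunk, so the exit paths are not visible here.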