diff options
author | ju1ius <ju1ius@laposte.net> | 2016-07-30 06:08:25 +0200 |
---|---|---|
committer | Christoph M. Becker <cmb@php.net> | 2016-07-30 11:46:34 +0200 |
commit | 1d32b809034ea4cd0e765ae9fda6ca16ae045fdd (patch) | |
tree | d17373c99f4645edf726873b7a9b6c9d9da6dfea | |
parent | f67ccd4a7b8fb4b9e55796e69b152e2a899ba3cd (diff) | |
download | php-git-1d32b809034ea4cd0e765ae9fda6ca16ae045fdd.tar.gz |
fixes bad address given to onig_error_code_to_str
Closes bug #72710
(cherry picked from commit 0fb7eb6723bcc6fd98053911543e801edb5ab763)
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | ext/mbstring/php_mbregex.c | 2 | ||||
-rw-r--r-- | ext/mbstring/tests/bug72710.phpt | 12 |
3 files changed, 15 insertions, 1 deletions
@@ -54,6 +54,8 @@ PHP NEWS zero-width). (cmb) . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position). (cmb) + . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error). + (ju1ius) - PCRE: . Fixed bug #72688 (preg_match missing group names in matches). (cmb) diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index 9873a85da1..7e9756fa15 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -456,7 +456,7 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl found = zend_hash_find(&MBREX(ht_rc), (char *)pattern, patlen+1, (void **) &rc); if (found == FAILURE || (*rc)->options != options || (*rc)->enc != enc || (*rc)->syntax != syntax) { if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) { - onig_error_code_to_str(err_str, err_code, err_info); + onig_error_code_to_str(err_str, err_code, &err_info); php_error_docref(NULL TSRMLS_CC, E_WARNING, "mbregex compile err: %s", err_str); retval = NULL; goto out; diff --git a/ext/mbstring/tests/bug72710.phpt b/ext/mbstring/tests/bug72710.phpt new file mode 100644 index 0000000000..19becc5010 --- /dev/null +++ b/ext/mbstring/tests/bug72710.phpt @@ -0,0 +1,12 @@ +--TEST-- +Bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error) +--SKIPIF-- +<?php +if (!extension_loaded('mbstring')) die('skip ext/mbstring required'); +?> +--FILE-- +<?php +mb_ereg('(?<0>a)', 'a'); +?> +--EXPECTF-- +Warning: mb_ereg(): mbregex compile err: invalid group name <0> in %s on line %d |