mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-24 10:24:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

fixes bad address given to onig_error_code_to_str

Browse Source 
Closes bug #72710
This commit is contained in:
ju1ius 2016-07-30 06:08:25 +02:00
parent 64feff88f1
commit 0fb7eb6723
2 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ext/mbstring/php_mbregex.c
View File

@ -454,7 +454,7 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
rc = zend_hash_str_find_ptr(&MBREX(ht_rc), (char *)pattern, patlen);
if (!rc || rc->options != options || rc->enc != enc || rc->syntax != syntax) {
if ((err_code = onig_new(&retval, (OnigUChar *)pattern, (OnigUChar *)(pattern + patlen), options, enc, syntax, &err_info)) != ONIG_NORMAL) {
onig_error_code_to_str(err_str, err_code, err_info);
onig_error_code_to_str(err_str, err_code, &err_info);
php_error_docref(NULL, E_WARNING, "mbregex compile err: %s", err_str);
retval = NULL;
goto out;

12
ext/mbstring/tests/bug72710.phpt Normal file
View File

@ -0,0 +1,12 @@
--TEST--
Bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error)
--SKIPIF--
<?php
if (!extension_loaded('mbstring')) die('skip ext/mbstring required');
?>
--FILE--
<?php
mb_ereg('(?<0>a)', 'a');
?>
--EXPECTF--
Warning: mb_ereg(): mbregex compile err: invalid group name <0> in %s on line %d