mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-01-21 11:13:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #6740.

Browse Source 
I happen to think that this is php_addslashes() problem, not PCRE's.
When 0 is passed for the length of the string to php_addslashes() it
assumes that we want to process the whole string and happily runs
strlen() on it. That is bad. It should respect the length and return
an empty string if it's 0.
This commit is contained in:
Andrei Zmievski 2000-09-14 15:44:36 +00:00
parent 28690c3d16
commit b111463f4c
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ext/pcre/php_pcre.c
View File

@ -560,7 +560,12 @@ static int preg_do_eval(char *eval_str, int eval_str_len, char *subject,
in instead of the backref */
match = subject + offsets[backref<<1];
match_len = offsets[(backref<<1)+1] - offsets[backref<<1];
esc_match = php_addslashes(match, match_len, &esc_match_len, 0);
if (match_len)
esc_match = php_addslashes(match, match_len, &esc_match_len, 0);
else {
esc_match = match;
esc_match_len = 0;
}
sprintf(backref_buf, "\\%d", backref);
new_code = php_str_to_str(code, code_len,
backref_buf, (backref > 9) ? 3 : 2,
@ -570,7 +575,8 @@ static int preg_do_eval(char *eval_str, int eval_str_len, char *subject,
walk = new_code + (walk - code) + match_len;
/* Clean up and reassign */
efree(esc_match);
if (esc_match_len)
efree(esc_match);
efree(code);
code = new_code;
code_len = new_code_len;