archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Validate subject encoding in mb_split and mb_ereg_match

Browse source 
We were already validating the subject encoding in most functions,
but not these two.
This commit is contained in:
Nikita Popov 2019-02-11 12:31:59 +01:00 committed by Stanislav Malyshev
parent 40fe50daf6
commit 0ecac37c40
2 changed files with 12 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
ext/mbstring/php_mbregex.c
View file

@ -1114,6 +1114,11 @@ PHP_FUNCTION(mb_split)
count--;
}
if (!php_mb_check_encoding(string, string_len,
_php_mb_regex_mbctype2name(MBREX(current_mbctype)))) {
RETURN_FALSE;
}
/* create regex pattern buffer */
if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, MBREX(regex_default_options), MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) {
RETURN_FALSE;
@ -1203,6 +1208,11 @@ PHP_FUNCTION(mb_ereg_match)
}
}
if (!php_mb_check_encoding(string, string_len,
_php_mb_regex_mbctype2name(MBREX(current_mbctype)))) {
RETURN_FALSE;
}
if ((re = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), syntax)) == NULL) {
RETURN_FALSE;
}

7
ext/mbstring/tests/bug77418.phpt
View file

@ -1,5 +1,5 @@
--TEST--
Bug #77371 (Heap overflow in utf32be_mbc_to_code)
Bug #77418 (Heap overflow in utf32be_mbc_to_code)
--SKIPIF--
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--FILE--
@ -8,7 +8,4 @@ mb_regex_encoding("UTF-32");
var_dump(mb_split("\x00\x00\x00\x5c\x00\x00\x00B","000000000000000000000000000000"));
?>
--EXPECT--
array(1) {
[0]=>
string(30) "000000000000000000000000000000"
}
bool(false)