From 7c7698f754ea19435e5b0d2bcf096e446e0bb828 Mon Sep 17 00:00:00 2001 From: Ilija Tovilo Date: Tue, 23 May 2023 13:55:50 +0200 Subject: [PATCH] Fix preg_replace_callback_array() pattern validation Closes GH-11301 --- NEWS | 3 +++ ext/pcre/php_pcre.c | 4 ++++ ...eplace_callback_array_numeric_index_error.phpt | 15 +++++++++++++++ 3 files changed, 22 insertions(+) create mode 100644 ext/pcre/tests/preg_replace_callback_array_numeric_index_error.phpt diff --git a/NEWS b/NEWS index f352246fb79..10cda5af84c 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 8.2.8 +- PCRE: + . Fix preg_replace_callback_array() pattern validation. (ilutov) + - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index 82560ddd83a..ea5e6a01ff0 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -2425,6 +2425,10 @@ PHP_FUNCTION(preg_replace_callback_array) zend_argument_type_error(1, "must contain only valid callbacks"); goto error; } + if (!str_idx_regex) { + zend_argument_type_error(1, "must contain only string patterns as keys"); + goto error; + } ZVAL_COPY_VALUE(&fci.function_name, replace); diff --git a/ext/pcre/tests/preg_replace_callback_array_numeric_index_error.phpt b/ext/pcre/tests/preg_replace_callback_array_numeric_index_error.phpt new file mode 100644 index 00000000000..55dfabce864 --- /dev/null +++ b/ext/pcre/tests/preg_replace_callback_array_numeric_index_error.phpt @@ -0,0 +1,15 @@ +--TEST-- +preg_replace_callback_array() invalid pattern +--FILE-- + function () {}], + 'a', +); +?> +--EXPECTF-- +Fatal error: Uncaught TypeError: preg_replace_callback_array(): Argument #1 ($pattern) must contain only string patterns as keys in %s:%d +Stack trace: +#0 %s(%d): preg_replace_callback_array(Array, 'a') +#1 {main} + thrown in %s on line %d