Fixed bug #73646 (mb_ereg_search_init null pointer dereference)

Xinchen Hui 2016-12-09 15:55:07 +08:00
parent 4faa540b45
commit 6a43c61bcd
3 changed files with 21 additions and 6 deletions


@ -1345,13 +1345,13 @@ PHP_FUNCTION(mb_ereg_search_regs)
PHP_FUNCTION(mb_ereg_search_init)
{
size_t argc = ZEND_NUM_ARGS();
zval *arg_str;
zend_string *arg_str;
char *arg_pattern = NULL, *arg_options = NULL;
size_t arg_pattern_len = 0, arg_options_len = 0;
OnigSyntaxType *syntax = NULL;
OnigOptionType option;
if (zend_parse_parameters(argc, "z|ss", &arg_str, &arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
if (zend_parse_parameters(argc, "S|ss", &arg_str, &arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
return;
}
@ -1379,17 +1379,17 @@ PHP_FUNCTION(mb_ereg_search_init)
zval_ptr_dtor(&MBREX(search_str));
}
ZVAL_DUP(&MBREX(search_str), arg_str);
ZVAL_STR_COPY(&MBREX(search_str), arg_str);
if (php_mb_check_encoding(
Z_STRVAL_P(arg_str),
Z_STRLEN_P(arg_str),
ZSTR_VAL(arg_str),
ZSTR_LEN(arg_str),
_php_mb_regex_mbctype2name(MBREX(current_mbctype))
)) {
MBREX(search_pos) = 0;
RETVAL_TRUE;
} else {
MBREX(search_pos) = Z_STRLEN_P(arg_str);
MBREX(search_pos) = ZSTR_LEN(arg_str);
RETVAL_FALSE;
}
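Review bot: In the second hunk, `ZVAL_STR_COPY(&MBREX(search_str), arg_str);` stores the subject before `php_mb_check_encoding()` runs, so a string that fails validation still becomes the stored search subject, and the only guard is `MBREX(search_pos) = ZSTR_LEN(arg_str);` in the else branch. The copy probably has to stay unconditional, since the `zval_ptr_dtor()` just above leaves the slot stale, so the invariant should be written down instead, e.g. `/* invalid encoding: subject is kept but search_pos is parked at its end so later searches have nothing to scan */`. Whether the other mb_ereg_search* functions actually treat a position equal to the length as exhausted is outside this hunk and worth confirming. The move from `"z"` to `"S"` also means non-string scalars are now coerced to a string and arrays take the bare `return;`, which deserves a line in the function's comment. The function body starts before the first hunk and continues between the two, so the pattern-compile path was not reviewed.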