archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 14:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)

Browse source 
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
This commit is contained in:
Xinchen Hui 2016-06-15 14:54:57 +08:00
parent 3d56418722
commit 999a3553d5
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -3,6 +3,8 @@ PHP NEWS
?? ??? 2016 PHP 7.0.9
- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
- Standard:

4
ext/mbstring/php_mbregex.c
View file

@ -811,7 +811,7 @@ static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOp
OnigUChar *pos;
OnigUChar *string_lim;
char *description = NULL;
char pat_buf[4];
char pat_buf[6];
const mbfl_encoding *enc;
@ -864,6 +864,8 @@ static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOp
pat_buf[1] = '\0';
pat_buf[2] = '\0';
pat_buf[3] = '\0';
pat_buf[4] = '\0';
pat_buf[5] = '\0';
arg_pattern = pat_buf;
arg_pattern_len = 1;