From 392ad206a4f63fedf61d8086e390c73de8b72767 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 29 Jan 2020 12:49:28 +0100 Subject: [PATCH] Fix use of mb_ereg_search_getregs() after invalid pattern This segfaulted because we assumed that if there are matches, there must be a regular expression as well. --- ext/mbstring/php_mbregex.c | 8 +++++--- .../tests/mb_ereg_search_invalid_pattern.phpt | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) create mode 100644 ext/mbstring/tests/mb_ereg_search_invalid_pattern.phpt diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c index 47dd41ba052..aa1eec16861 100644 --- a/ext/mbstring/php_mbregex.c +++ b/ext/mbstring/php_mbregex.c @@ -1426,6 +1426,11 @@ _php_mb_regex_ereg_search_exec(INTERNAL_FUNCTION_PARAMETERS, int mode) _php_mb_regex_init_options(arg_options, arg_options_len, &option, &syntax, NULL); } + if (MBREX(search_regs)) { + onig_region_free(MBREX(search_regs), 1); + MBREX(search_regs) = NULL; + } + if (arg_pattern) { /* create regex pattern buffer */ if ((MBREX(search_re) = php_mbregex_compile_pattern(arg_pattern, arg_pattern_len, option, MBREX(current_mbctype), MBREX(regex_default_syntax))) == NULL) { @@ -1451,9 +1456,6 @@ _php_mb_regex_ereg_search_exec(INTERNAL_FUNCTION_PARAMETERS, int mode) RETURN_FALSE; } - if (MBREX(search_regs)) { - onig_region_free(MBREX(search_regs), 1); - } MBREX(search_regs) = onig_region_new(); err = _php_mb_onig_search(MBREX(search_re), str, str + len, str + pos, str + len, MBREX(search_regs), 0); diff --git a/ext/mbstring/tests/mb_ereg_search_invalid_pattern.phpt b/ext/mbstring/tests/mb_ereg_search_invalid_pattern.phpt new file mode 100644 index 00000000000..7fe6d311281 --- /dev/null +++ b/ext/mbstring/tests/mb_ereg_search_invalid_pattern.phpt 
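Review bot: The block added in the first hunk (`if (MBREX(search_regs)) { onig_region_free(...); MBREX(search_regs) = NULL; }`) restores the invariant that a non-NULL `search_regs` implies a non-NULL `search_re`, but it does so only through statement order at this one write site, and nothing in the hunk says so. I would add a comment above it, `/* Discard stale regions before search_re may be reset to NULL: search_regs != NULL must imply search_re != NULL. */`, so that a later reordering does not reintroduce the NULL dereference described in the commit message. The reader that crashed, mb_ereg_search_getregs(), is outside this diff; if it still tests only `search_regs`, checking `search_re` there as well would presumably protect any other path that clears the regex. The enclosing function starts and ends outside the hunk.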
@@ -0,0 +1,17 @@ +--TEST-- +mb_ereg_search() with invalid pattern should discard old matches +--FILE-- + +--EXPECTF-- +bool(true) + +Warning: mb_ereg_search(): Pattern is not valid under UTF-8 encoding in %s on line %d +bool(false) +bool(false)