Merge branch 'PHP-7.4'

* PHP-7.4: PCRE: Only remember valid UTF-8 if start offset zero PCRE: Check whether start offset is on char boundary
2025-08-16 05:58:45 +02:00 · 2020-02-07 17:02:49 +01:00 · 2020-02-07 17:02:49 +01:00 · d2befbc17d
commit d2befbc17d
parent 24127d2e3f cd5591a28d
2 changed files with 56 additions and 4 deletions
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@ -1109,6 +1109,22 @@ static void php_do_pcre_match(INTERNAL_FUNCTION_PARAMETERS, int global) /* {{{ *
 }
 /* }}} */
 static zend_always_inline zend_bool is_known_valid_utf8(
 		zend_string *subject_str, PCRE2_SIZE start_offset) {
 	if (!(GC_FLAGS(subject_str) & IS_STR_VALID_UTF8)) {
 		/* We don't know whether the string is valid UTF-8 or not. */
 		return 0;
 	}
 	if (start_offset == ZSTR_LEN(subject_str)) {
 		/* Degenerate case: Offset points to end of string. */
 		return 1;
 	}
 	/* Check that the offset does not point to an UTF-8 continuation byte. */
 	return (ZSTR_VAL(subject_str)[start_offset] & 0xc0) != 0x80;
 }
 /* {{{ php_pcre_match_impl() */
 PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, zend_string *subject_str, zval *return_value,
 	zval *subpats, int global, int use_flags, zend_long flags, zend_off_t start_offset)
@ -1130,7 +1146,7 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, zend_string *subject_str,
 	PCRE2_SPTR       mark = NULL;		/* Target for MARK name */
 	zval			 marks;				/* Array of marks for PREG_PATTERN_ORDER */
 	pcre2_match_data *match_data;
-	PCRE2_SIZE		 start_offset2;
+	PCRE2_SIZE		 start_offset2, orig_start_offset;
 	char *subject = ZSTR_VAL(subject_str);
 	size_t subject_len = ZSTR_LEN(subject_str);
@ -1226,8 +1242,10 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, zend_string *subject_str,
 		}
 	}
-	options = (pce->compile_options & PCRE2_UTF) && !(GC_FLAGS(subject_str) & IS_STR_VALID_UTF8)
+	orig_start_offset = start_offset2;
-		? 0 : PCRE2_NO_UTF_CHECK;
+	options =
 		(pce->compile_options & PCRE2_UTF) && !is_known_valid_utf8(subject_str, orig_start_offset)
 			? 0 : PCRE2_NO_UTF_CHECK;
 	/* Execute the regular expression. */
 #ifdef HAVE_PCRE_JIT_SUPPORT
@ -1417,7 +1435,8 @@ error:
 	if (PCRE_G(error_code) == PHP_PCRE_NO_ERROR) {
 		/* If there was no error and we're in /u mode, remember that the string is valid UTF-8. */
-		if ((pce->compile_options & PCRE2_UTF) && !ZSTR_IS_INTERNED(subject_str)) {
+		if ((pce->compile_options & PCRE2_UTF)
 				&& !ZSTR_IS_INTERNED(subject_str) && orig_start_offset == 0) {
 			GC_ADD_FLAGS(subject_str, IS_STR_VALID_UTF8);
 		}
--- a/ext/pcre/tests/bug79241.phpt
+++ b/ext/pcre/tests/bug79241.phpt
@ -0,0 +1,33 @@
 --TEST--
 Bug #79241: Segmentation fault on preg_match()
 --FILE--
 <?php
 // if "’" string is used directly without json_decode,
 // the issue does not reproduce
 $text = json_decode('"’"');
 $pattern = '/\b/u';
 // it has to be exact two calls to preg_match(),
 // with the second call offsetting after the tick symbol
 var_dump(preg_match($pattern, $text, $matches, 0, 0));
 var_dump(preg_match($pattern, $text, $matches, 0, 1));
 var_dump(preg_last_error() == PREG_BAD_UTF8_OFFSET_ERROR);
 echo "\n";
 $text = "VA\xff"; $text .= "LID";
 var_dump(preg_match($pattern, $text, $matches, 0, 4));
 var_dump(preg_match($pattern, $text, $matches, 0, 0));
 var_dump(preg_last_error() == PREG_BAD_UTF8_ERROR);
 ?>
 --EXPECT--
 int(0)
 bool(false)
 bool(true)
 int(1)
 bool(false)
 bool(true)