[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/mbstring/php_mbregex.c branches/PHP_5_3/ext/mbstring/tests/empty_pattern.phpt branches/PHP_5_4/NEWS branches/PHP_5_4/ext/mbstring/php_mbregex.c branches/PHP_5_4/ext/mbstring/tests/empty_pattern.phpt trunk/ext/mbstring/php_mbregex.c trunk/ext/mbstring/tests/empty_pattern.phpt

Mon, 21 Nov 2011 11:15:48 -0800 

felipe                                   Mon, 21 Nov 2011 19:15:18 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=319649

Log:
- Fixed possible crash in mb_ereg_search_init() using empty pattern

Changed paths:
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/mbstring/php_mbregex.c
    A   php/php-src/branches/PHP_5_3/ext/mbstring/tests/empty_pattern.phpt
    U   php/php-src/branches/PHP_5_4/NEWS
    U   php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c
    A   php/php-src/branches/PHP_5_4/ext/mbstring/tests/empty_pattern.phpt
    U   php/php-src/trunk/ext/mbstring/php_mbregex.c
    A   php/php-src/trunk/ext/mbstring/tests/empty_pattern.phpt

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2011-11-21 18:52:00 UTC (rev 319648)
+++ php/php-src/branches/PHP_5_3/NEWS   2011-11-21 19:15:18 UTC (rev 319649)
@@ -35,6 +35,9 @@
   . Fixed bug #60160 (imagefill() doesn't work correctly
     for small images). (Florian)

+- Mbstring:
+  . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
+
 - MS SQL:
   . Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)


Modified: php/php-src/branches/PHP_5_3/ext/mbstring/php_mbregex.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mbstring/php_mbregex.c     2011-11-21 
18:52:00 UTC (rev 319648)
+++ php/php-src/branches/PHP_5_3/ext/mbstring/php_mbregex.c     2011-11-21 
19:15:18 UTC (rev 319649)
@@ -1245,14 +1245,19 @@
 {
        size_t argc = ZEND_NUM_ARGS();
        zval *arg_str;
-       char *arg_pattern, *arg_options;
-       int arg_pattern_len, arg_options_len;
+       char *arg_pattern = NULL, *arg_options = NULL;
+       int arg_pattern_len = 0, arg_options_len = 0;
        OnigSyntaxType *syntax = NULL;
        OnigOptionType option;

        if (zend_parse_parameters(argc TSRMLS_CC, "z|ss", &arg_str, 
&arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
                return;
        }
+
+       if (arg_pattern_len == 0) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty pattern");
+               RETURN_FALSE;
+       }

        option = MBREX(regex_default_options);
        syntax = MBREX(regex_default_syntax);

Added: php/php-src/branches/PHP_5_3/ext/mbstring/tests/empty_pattern.phpt
===================================================================
--- php/php-src/branches/PHP_5_3/ext/mbstring/tests/empty_pattern.phpt          
                (rev 0)
+++ php/php-src/branches/PHP_5_3/ext/mbstring/tests/empty_pattern.phpt  
2011-11-21 19:15:18 UTC (rev 319649)
@@ -0,0 +1,18 @@
+--TEST--
+Check for empty pattern
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+
+mb_ereg_search_init("","","");
+mb_split("","");
+mb_ereg_search_regs();
+
+?>
+--EXPECTF--
+Warning: mb_ereg_search_init(): Empty pattern in %s on line %d
+
+Warning: mb_split(): Empty regular expression in %s on line %d
+
+Warning: mb_ereg_search_regs(): No regex given in %s on line %d

Modified: php/php-src/branches/PHP_5_4/NEWS
===================================================================
--- php/php-src/branches/PHP_5_4/NEWS   2011-11-21 18:52:00 UTC (rev 319648)
+++ php/php-src/branches/PHP_5_4/NEWS   2011-11-21 19:15:18 UTC (rev 319649)
@@ -45,6 +45,7 @@
 - Mbstring
   . Fixed bug #60306 (Characters lost while converting from cp936 to utf8).
     (Laruence)
+  . Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)

 - CLI SAPI:
   . Fixed bug #60159 (Router returns false, but POST is not passed to requested

Modified: php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c     2011-11-21 
18:52:00 UTC (rev 319648)
+++ php/php-src/branches/PHP_5_4/ext/mbstring/php_mbregex.c     2011-11-21 
19:15:18 UTC (rev 319649)
@@ -1245,14 +1245,19 @@
 {
        size_t argc = ZEND_NUM_ARGS();
        zval *arg_str;
-       char *arg_pattern, *arg_options;
-       int arg_pattern_len, arg_options_len;
+       char *arg_pattern = NULL, *arg_options = NULL;
+       int arg_pattern_len = 0, arg_options_len = 0;
        OnigSyntaxType *syntax = NULL;
        OnigOptionType option;

        if (zend_parse_parameters(argc TSRMLS_CC, "z|ss", &arg_str, 
&arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
                return;
        }
+
+       if (arg_pattern_len == 0) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty pattern");
+               RETURN_FALSE;
+       }

        option = MBREX(regex_default_options);
        syntax = MBREX(regex_default_syntax);

Added: php/php-src/branches/PHP_5_4/ext/mbstring/tests/empty_pattern.phpt
===================================================================
--- php/php-src/branches/PHP_5_4/ext/mbstring/tests/empty_pattern.phpt          
                (rev 0)
+++ php/php-src/branches/PHP_5_4/ext/mbstring/tests/empty_pattern.phpt  
2011-11-21 19:15:18 UTC (rev 319649)
@@ -0,0 +1,18 @@
+--TEST--
+Check for empty pattern
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+
+mb_ereg_search_init("","","");
+mb_split("","");
+mb_ereg_search_regs();
+
+?>
+--EXPECTF--
+Warning: mb_ereg_search_init(): Empty pattern in %s on line %d
+
+Warning: mb_split(): Empty regular expression in %s on line %d
+
+Warning: mb_ereg_search_regs(): No regex given in %s on line %d

Modified: php/php-src/trunk/ext/mbstring/php_mbregex.c
===================================================================
--- php/php-src/trunk/ext/mbstring/php_mbregex.c        2011-11-21 18:52:00 UTC 
(rev 319648)
+++ php/php-src/trunk/ext/mbstring/php_mbregex.c        2011-11-21 19:15:18 UTC 
(rev 319649)
@@ -1310,14 +1310,19 @@
 {
        size_t argc = ZEND_NUM_ARGS();
        zval *arg_str;
-       char *arg_pattern, *arg_options;
-       int arg_pattern_len, arg_options_len;
+       char *arg_pattern = NULL, *arg_options = NULL;
+       int arg_pattern_len = 0, arg_options_len = 0;
        OnigSyntaxType *syntax = NULL;
        OnigOptionType option;

        if (zend_parse_parameters(argc TSRMLS_CC, "z|ss", &arg_str, 
&arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
                return;
        }
+
+       if (arg_pattern_len == 0) {
+               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty pattern");
+               RETURN_FALSE;
+       }

        option = MBREX(regex_default_options);
        syntax = MBREX(regex_default_syntax);

Added: php/php-src/trunk/ext/mbstring/tests/empty_pattern.phpt
===================================================================
--- php/php-src/trunk/ext/mbstring/tests/empty_pattern.phpt                     
        (rev 0)
+++ php/php-src/trunk/ext/mbstring/tests/empty_pattern.phpt     2011-11-21 
19:15:18 UTC (rev 319649)
@@ -0,0 +1,18 @@
+--TEST--
+Check for empty pattern
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+
+mb_ereg_search_init("","","");
+mb_split("","");
+mb_ereg_search_regs();
+
+?>
+--EXPECTF--
+Warning: mb_ereg_search_init(): Empty pattern in %s on line %d
+
+Warning: mb_split(): Empty regular expression in %s on line %d
+
+Warning: mb_ereg_search_regs(): No regex given in %s on line %d


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to