From 229024c7250d0a11fe9a83094a7e30b6fb83ad90 Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Wed, 16 Nov 2016 15:05:04 +0800
Subject: [PATCH] Fixed bug #73532 (Null pointer dereference in mb_eregi)

---
 NEWS                             | 3 +++
 ext/mbstring/php_mbregex.c       | 6 ++++--
 ext/mbstring/tests/bug73532.phpt | 8 ++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 ext/mbstring/tests/bug73532.phpt

diff --git a/NEWS b/NEWS
index 86d41c56561..84c4f8715f4 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ PHP                                                                        NEWS
 - Date:
   . Fixed bug #69587 (DateInterval properties and isset). (jhdxr)
 
+- Mbstring:
+  . Fixed bug #73532 (Null pointer dereference in mb_eregi). (Laruence)
+
 - SQLite3:
   . Update to SQLite 3.15.1. (cmb)
 
diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index a9e464fa641..cf341d3599a 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -708,8 +708,10 @@ static void _php_mb_regex_ereg_exec(INTERNAL_FUNCTION_PARAMETERS, int icase)
 	string_len,
 	_php_mb_regex_mbctype2name(MBREX(current_mbctype))
 	)) {
-		zval_dtor(array);
-		array_init(array);
+		if (array != NULL) {
+			zval_dtor(array);
+			array_init(array);
+		}
 		RETURN_FALSE;
 	}
 
diff --git a/ext/mbstring/tests/bug73532.phpt b/ext/mbstring/tests/bug73532.phpt
new file mode 100644
index 00000000000..0bc838b0755
--- /dev/null
+++ b/ext/mbstring/tests/bug73532.phpt
@@ -0,0 +1,8 @@
+--TEST--
+Bug #73532 (Null pointer dereference in mb_eregi)
+--FILE--
+<?php
+var_dump(mb_eregi("a", "\xf5"));
+?>
+--EXPECTF--
+bool(false)