php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 16:22:37 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed(attempt to) bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access)

Browse Source 
according to ext/mbstring/oniguruma/enc/utf8.c, max bytes are 6
This commit is contained in:
Xinchen Hui
2016-06-15 14:54:57 +08:00
parent 3d56418722
commit 999a3553d5
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -3,6 +3,8 @@ PHP NEWS
?? ??? 2016 PHP 7.0.9
- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
- Standard:

4
ext/mbstring/php_mbregex.c
View File

@@ -811,7 +811,7 @@ static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOp
OnigUChar *pos;
OnigUChar *string_lim;
char *description = NULL;
char pat_buf[4];
char pat_buf[6];
const mbfl_encoding *enc;
@@ -864,6 +864,8 @@ static void _php_mb_regex_ereg_replace_exec(INTERNAL_FUNCTION_PARAMETERS, OnigOp
pat_buf[1] = '\0';
pat_buf[2] = '\0';
pat_buf[3] = '\0';
pat_buf[4] = '\0';
pat_buf[5] = '\0';
arg_pattern = pat_buf;
arg_pattern_len = 1;