Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit f453d1a

Browse files
committed
Fix GH-16189: underflow on preg_match/preg_match_all start_offset.
close GH-16191 
1 parent f14e5cf commit f453d1a

File tree

3 files changed

+27
-0
lines changed

3 files changed

+27
-0
lines changed

‎NEWS‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,9 @@ PHP NEWS
3737
- OpenSSL:
3838
. Fixed stub for openssl_csr_new. (Jakub Zelenka)
3939

40+
- PCRE:
41+
. Fixed GH-16189 (underflow on offset argument). (David Carlier)
42+
4043
- PHPDBG:
4144
. Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
4245
. Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).

‎ext/pcre/php_pcre.c‎

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1135,6 +1135,11 @@ static void php_do_pcre_match(INTERNAL_FUNCTION_PARAMETERS, int global) /* {{{ *
11351135
RETURN_FALSE;
11361136
}
11371137

1138+
if (start_offset == ZEND_LONG_MIN) {
1139+
zend_argument_value_error(5, "must be greater than " ZEND_LONG_FMT, ZEND_LONG_MIN);
1140+
RETURN_THROWS();
1141+
}
1142+
11381143
pce->refcount++;
11391144
php_pcre_match_impl(pce, subject, return_value, subpats,
11401145
global, ZEND_NUM_ARGS() >= 4, flags, start_offset);

‎ext/pcre/tests/gh16189.phpt‎

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
--TEST--
2+
GH-16189 (preg_match/preg_match_all underflow on start_offset argument)
3+
--FILE--
4+
<?php
5+
6+
try {
7+
preg_match( '/<(\w+)[\s\w\-]+ id="S44_i89ew">/', '<br><div id="S44_i89ew">', $matches, 0, PHP_INT_MIN);
8+
} catch (\ValueError $e) {
9+
echo $e->getMessage() . PHP_EOL;
10+
}
11+
try {
12+
preg_match_all( '/<(\w+)[\s\w\-]+ id="S44_i89ew">/', '<br><div id="S44_i89ew">', $matches, 0, PHP_INT_MIN);
13+
} catch (\ValueError $e) {
14+
echo $e->getMessage() . PHP_EOL;
15+
}
16+
?>
17+
--EXPECTF--
18+
preg_match(): Argument #5 ($offset) must be greater than %s
19+
preg_match_all(): Argument #5 ($offset) must be greater than %s

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /