Nested PCRE calls may clobber extra->mark and it has to be reinitailized
authorDmitry Stogov <dmitry@zend.com>
Tue, 13 May 2014 08:14:55 +0000 (12:14 +0400)
committerDmitry Stogov <dmitry@zend.com>
Tue, 13 May 2014 08:14:55 +0000 (12:14 +0400)
This fixes invalid memory writes (detected with valgrind) in Zend/tests/closure_047.phpt and Zend/tests/closure_048.phpt.

ext/pcre/php_pcre.c

index 636bafae15561e266e735162ae6d4c43c731d43d..952dcb11bd6f6bb750be10ef1101311a070ecdfa 100644 (file)
@@ -1058,10 +1058,6 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
        }
        extra->match_limit = PCRE_G(backtrack_limit);
        extra->match_limit_recursion = PCRE_G(recursion_limit);
-#ifdef PCRE_EXTRA_MARK
-       extra->mark = &mark;
-       extra->flags |= PCRE_EXTRA_MARK;
-#endif
 
        eval = pce->preg_options & PREG_REPLACE_EVAL;
        if (is_callable_replace) {
@@ -1110,6 +1106,10 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
        PCRE_G(error_code) = PHP_PCRE_NO_ERROR;
        
        while (1) {
+#ifdef PCRE_EXTRA_MARK
+               extra->mark = &mark;
+               extra->flags |= PCRE_EXTRA_MARK;
+#endif
                /* Execute the regular expression. */
                count = pcre_exec(pce->re, extra, subject, subject_len, start_offset,
                                                  exoptions|g_notempty, offsets, size_offsets);
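Review bot: The re-arm block added at the top of the `while (1)` loop has no comment saying why it must stay inside the loop, and because it looks loop-invariant a later cleanup could hoist it back out and reintroduce the invalid writes; I would add `/* Nested PCRE calls may repoint extra->mark; re-arm before every pcre_exec(). */` above the `#ifdef`. Separately, `extra->mark` is still left pointing at the local `mark` when this function returns, so if `extra` is a structure shared across calls (it appears to be, since nested calls can clobber it, but its origin is outside the hunk) it keeps a stale stack address until the next caller re-arms it. Any other pcre_exec() caller that sets `extra->mark` once before a loop that can run user callbacks would need the same treatment; those call sites are not visible here. The body of php_pcre_replace_impl starts and ends outside the hunk.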