Fix #78338: Array cross-border reading in PCRE

author Christoph M. Becker <cmbecker69@gmx.de>

Mon, 29 Jul 2019 17:31:47 +0000 (19:31 +0200)

committer Stanislav Malyshev <stas@php.net>

Mon, 29 Jul 2019 21:49:33 +0000 (14:49 -0700)
author Christoph M. Becker <cmbecker69@gmx.de>
Mon, 29 Jul 2019 17:31:47 +0000 (19:31 +0200)
committer Stanislav Malyshev <stas@php.net>
Mon, 29 Jul 2019 21:49:33 +0000 (14:49 -0700)
diff --git a/ext/pcre/pcre2lib/pcre2_jit_compile.c b/ext/pcre/pcre2lib/pcre2_jit_compile.c

index e2b08ba22a3f0ff13f48b907e3826df1193abc3c..c491be2917de2d6475f9603675002c5bbffe8cf0 100644 (file)
--- a/ext/pcre/pcre2lib/pcre2_jit_compile.c
+++ b/ext/pcre/pcre2lib/pcre2_jit_compile.c
@@ -7288,7 +7288,7 @@ int lgb, rgb, ricount;
  PCRE2_SPTR bptr;
  uint32_t c;
  
-GETCHARINC(c, cc);
+c = *cc++;
  lgb = UCD_GRAPHBREAK(c);
  
  while (cc < end_subject)
diff --git a/ext/pcre/tests/bug78338.phpt b/ext/pcre/tests/bug78338.phpt

new file mode 100644 (file)

index 0000000..ec5bf1b
--- /dev/null
+++ b/ext/pcre/tests/bug78338.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #78338 (Array cross-border reading in PCRE)
+--FILE--
+<?php
+$string = hex2bin('2f5c583f3d3f223f3536ff3636ffffffff36a8a8a83636367a7a7a7a3d2aff2f0a');
+preg_match($string, $string);
+echo "DONE\n";
+?>
+--EXPECT--
+DONE
author	Christoph M. Becker <cmbecker69@gmx.de>
	Mon, 29 Jul 2019 17:31:47 +0000 (19:31 +0200)
committer	Stanislav Malyshev <stas@php.net>
	Mon, 29 Jul 2019 21:49:33 +0000 (14:49 -0700)
ext/pcre/pcre2lib/pcre2_jit_compile.c		patch \| blob \| history
ext/pcre/tests/bug78338.phpt	[new file with mode: 0644]	patch \| blob