/* null terminate buffer */
smart_str_appendc(&eval_buf, '\0');
/* do eval */
- zend_eval_string(eval_buf.c, &v, description TSRMLS_CC);
+ if (zend_eval_string(eval_buf.c, &v, description TSRMLS_CC) == FAILURE) {
+ efree(description);
+ php_error_docref(NULL TSRMLS_CC,E_ERROR, "Failed evaluating code: %s%s", PHP_EOL, eval_buf.c);
+ /* zend_error() does not return in this case */
+ }
+
/* result of eval */
convert_to_string(&v);
smart_str_appendl(&out_buf, Z_STRVAL(v), Z_STRLEN(v));
--- /dev/null
+--TEST--
+Bug #31911 (mb_ereg*_replace() crashes when replacement string is invalid PHP expression and 'e' option is used)
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+
+$ptr = 'hello';
+
+$txt = <<<doc
+hello, I have got a cr*sh on you
+doc;
+
+echo mb_ereg_replace($ptr,'$1',$txt,'e');
+
+?>
+--EXPECTF--
+Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in %s/bug43301.php(%d) : mbregex replace on line 1
+
+Fatal error: mb_ereg_replace(): Failed evaluating code:
+$1 in %s/bug43301.php on line %d
projects / php / commitdiff