From: Dmitry Stogov
Date: Tue, 13 May 2014 08:14:55 +0000 (+0400)
Subject: Nested PCRE calls may clobber extra->mark and it has to be reinitailized
X-Git-Tag: POST_PHPNG_MERGE~374^2~11
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=376ab3b7873ca04142185d8c08dbb4c4be152474;p=php

Nested PCRE calls may clobber extra->mark and it has to be reinitailized

This fixes invalid memory writes (detected with valgrind) in Zend/tests/closure_047.phpt and Zend/tests/closure_048.phpt.
---

diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c
index 636bafae15..952dcb11bd 100644
--- a/ext/pcre/php_pcre.c
+++ b/ext/pcre/php_pcre.c
@@ -1058,10 +1058,6 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 	}
 	extra->match_limit = PCRE_G(backtrack_limit);
 	extra->match_limit_recursion = PCRE_G(recursion_limit);
-#ifdef PCRE_EXTRA_MARK
-	extra->mark = &mark;
-	extra->flags |= PCRE_EXTRA_MARK;
-#endif
 
 	eval = pce->preg_options & PREG_REPLACE_EVAL;
 	if (is_callable_replace) {
@@ -1110,6 +1106,10 @@ PHPAPI zend_string *php_pcre_replace_impl(pcre_cache_entry *pce, char *subject,
 	PCRE_G(error_code) = PHP_PCRE_NO_ERROR;
 
 	while (1) {
+#ifdef PCRE_EXTRA_MARK
+		extra->mark = &mark;
+		extra->flags |= PCRE_EXTRA_MARK;
+#endif
 		/* Execute the regular expression. */
 		count = pcre_exec(pce->re, extra, subject, subject_len, start_offset,
						  exoptions|g_notempty, offsets, size_offsets);
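Review bot: The re-initialization of `extra->mark` at the top of the `while (1)` loop in the second hunk carries no comment saying why it must run on every iteration, so a later cleanup is likely to hoist it back next to the `match_limit` setup and reintroduce the dangling-pointer write the commit fixes; I would add `/* A replacement callback may run a nested PCRE call on the same cache entry and repoint extra->mark at its own stack; restore it before every pcre_exec(). */` above the `#ifdef`. The root cause appears to be that `extra` is shared, per-pattern state rather than per-call (hedged, since its origin is outside the hunk), which means any other consumer of the same `extra` that sets `mark` once before its own loop would be exposed in the same way when re-entered; worth checking those call sites, which are not visible here. The same sharing means `match_limit` and `match_limit_recursion`, still set once before the loop in the first hunk, are also overwritten by a nested call, though with the same global values, so that is benign today. The body of `php_pcre_replace_impl` begins and ends outside both hunks.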