From: Remi Collet <remi@php.net>
Date: Tue, 30 May 2017 13:39:21 +0000 (+0200)
Subject: Patch from the upstream git
X-Git-Tag: php-7.0.21RC1~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5416deec665db293ae25548828791453d776a6bf;p=php

Patch from the upstream git
https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6

Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
---

diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
index 97d5f32d28..42a31bd12b 100644
--- a/ext/mbstring/oniguruma/regexec.c
+++ b/ext/mbstring/oniguruma/regexec.c
@@ -3205,7 +3205,13 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
     else {
       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
 	*low = p - reg->dmax;
-	if (*low > s) {
+	if (p - str < reg->dmax) {
+	  *low = (UChar* )str;
+	  if (low_prev)
+	    *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
+	}
+	else {
+ 	if (*low > s) {
 	  *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
 							      *low, (const UChar** )low_prev);
 	  if (low_prev && IS_NULL(*low_prev))
@@ -3218,6 +3224,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
 					       (pprev ? pprev : str), *low);
 	}
       }
+      }
     }
     /* no needs to adjust *high, *high is used as range check only */
     *high = p - reg->dmin;