From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Sat, 19 Sep 2020 10:37:57 +0000 (+0200)
Subject: Fix #80118: Erroneous whitespace match with JIT only
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d27dc5c028637edaf4d1511613cc33e7e164bd6e;p=php

Fix #80118: Erroneous whitespace match with JIT only

We backport r1273[1] from PCRE2.

[1] <https://vcs.pcre.org/pcre2?revision=1273&view=revision>

Closes GH-6165.
---

diff --git a/NEWS b/NEWS
index 2fbdad1d80..7ad5262506 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ PHP                                                                        NEWS
 
 - PCRE:
   . Updated to PCRE 10.35. (cmb)
+  . Fixed bug #80118 (Erroneous whitespace match with JIT only). (cmb)
 
 - Standard:
   . Fixed bug #80114 (parse_url does not accept URLs with port 0). (cmb, twosee)
diff --git a/ext/pcre/pcre2lib/pcre2_jit_compile.c b/ext/pcre/pcre2lib/pcre2_jit_compile.c
index 8e51576ac6..61aa019d10 100644
--- a/ext/pcre/pcre2lib/pcre2_jit_compile.c
+++ b/ext/pcre/pcre2lib/pcre2_jit_compile.c
@@ -7594,25 +7594,43 @@ if (needstype || needsscript)
       }
 
     cc = ccbegin;
-    }
 
-  if (needschar)
-    OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+    if (needstype)
+      {
+      /* TMP2 has already been shifted by 2 */
+      if (!needschar)
+        {
+        OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0);
+        OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0);
+
+        OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
+        }
+      else
+        {
+        OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0);
+        OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0);
 
-  if (needstype)
+        OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+        OP1(SLJIT_MOV_U8, RETURN_ADDR, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
+        typereg = RETURN_ADDR;
+        }
+      }
+    else if (needschar)
+      OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+    }
+  else if (needstype)
     {
+    OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3);
+    OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2);
+
     if (!needschar)
       {
-      OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3);
-      OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2);
       OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0);
 
       OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
       }
     else
       {
-      OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 2);
-      OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 3);
       OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0);
 
       OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
@@ -7620,6 +7638,8 @@ if (needstype || needsscript)
       typereg = RETURN_ADDR;
       }
     }
+  else if (needschar)
+    OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
   }
 #endif /* SUPPORT_UNICODE */
 
diff --git a/ext/pcre/tests/bug80118.phpt b/ext/pcre/tests/bug80118.phpt
new file mode 100644
index 0000000000..5de66076e0
--- /dev/null
+++ b/ext/pcre/tests/bug80118.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #80118 (Erroneous whitespace match with JIT only)
+--FILE--
+<?php
+preg_match('~[^\p{Han}\p{Z}]~u', '     ', $matches);
+var_dump($matches);
+?>
+--EXPECT--
+array(0) {
+}