From 18768584e2b236b7fe798449695c2c0363c947d9 Mon Sep 17 00:00:00 2001
From: Felipe Pena <felipe@php.net>
Date: Mon, 21 Nov 2011 19:15:18 +0000
Subject: [PATCH] - Fixed possible crash in mb_ereg_search_init() using empty
 pattern

---
 ext/mbstring/php_mbregex.c            |  9 +++++++--
 ext/mbstring/tests/empty_pattern.phpt | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 ext/mbstring/tests/empty_pattern.phpt

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index f3fd96a556..9bc87a59bd 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -1310,14 +1310,19 @@ PHP_FUNCTION(mb_ereg_search_init)
 {
 	size_t argc = ZEND_NUM_ARGS();
 	zval *arg_str;
-	char *arg_pattern, *arg_options;
-	int arg_pattern_len, arg_options_len;
+	char *arg_pattern = NULL, *arg_options = NULL;
+	int arg_pattern_len = 0, arg_options_len = 0;
 	OnigSyntaxType *syntax = NULL;
 	OnigOptionType option;
 
 	if (zend_parse_parameters(argc TSRMLS_CC, "z|ss", &arg_str, &arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
 		return;
 	}
+	
+	if (arg_pattern_len == 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty pattern");
+		RETURN_FALSE;
+	}
 
 	option = MBREX(regex_default_options);
 	syntax = MBREX(regex_default_syntax);
diff --git a/ext/mbstring/tests/empty_pattern.phpt b/ext/mbstring/tests/empty_pattern.phpt
new file mode 100644
index 0000000000..e395604f8e
--- /dev/null
+++ b/ext/mbstring/tests/empty_pattern.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Check for empty pattern
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+
+mb_ereg_search_init("","","");
+mb_split("","");
+mb_ereg_search_regs();
+
+?>
+--EXPECTF--
+Warning: mb_ereg_search_init(): Empty pattern in %s on line %d
+
+Warning: mb_split(): Empty regular expression in %s on line %d
+
+Warning: mb_ereg_search_regs(): No regex given in %s on line %d
-- 
2.40.0