From 9a404df382d041127eaa601b3113587df45d510d Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Wed, 1 Apr 2015 00:41:46 +0300
Subject: [PATCH] Fixed bug #68740 (NULL Pointer Dereference)

(cherry picked from commit 124fb22a13fafa3648e4e15b4f207c7096d8155e)
---
 NEWS | 3 +++
 ext/ereg/regex/regcomp.c | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/NEWS b/NEWS
index f8f046c056..0a83818e2e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2015 PHP 5.4.40
 
+- Ereg:
+ . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
+
 - GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
 
diff --git a/ext/ereg/regex/regcomp.c b/ext/ereg/regex/regcomp.c
index f4bfc1c167..c2223d7dbe 100644
--- a/ext/ereg/regex/regcomp.c
+++ b/ext/ereg/regex/regcomp.c
@@ -1284,6 +1284,10 @@ int c;
 register int ncols = (g->ncsets+(CHAR_BIT-1)) / CHAR_BIT;
 register unsigned uc = (unsigned char)c;
 
+ if (!g->setbits) {
+ return(0);
+ }
+
 for (i = 0, col = g->setbits; i < ncols; i++, col += g->csetsize)
 if (col[uc] != 0)
 return(1);
-- 
2.40.0
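Review bot: The new `if (!g->setbits)` guard in regcomp.c only changes behaviour when `g->ncsets` is non-zero (with `ncsets == 0`, `ncols` is 0 and the loop never runs), so it is papering over a state where sets are counted but their storage is missing, and nothing in the hunk says how that state arises. If it comes from a failed allocation elsewhere in the file (inferred, the allocation site is not visible here), returning 0 reports "in no set" and lets compilation carry on with inconsistent state; the sturdier fix is to stop at the allocation site and keep this check as defence in depth. At minimum add a comment such as `/* ncsets > 0 but setbits is NULL: set storage was never allocated; report "in no set" rather than dereference */`, and check whether other readers of `g->setbits` in this file need the same guard. The enclosing function starts and ends outside the hunk.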