From b111463f4ca3678718cafb8cdbf3342ed54c05f5 Mon Sep 17 00:00:00 2001 From: Andrei Zmievski Date: Thu, 14 Sep 2000 15:44:36 +0000 Subject: [PATCH] Fixed bug #6740. I happen to think that this is php_addslashes() problem, not PCRE's. When 0 is passed for the length of the string to php_addslashes() it assumes that we want to process the whole string and happily runs strlen() on it. That is bad. It should respect the length and return an empty string if it's 0. --- ext/pcre/php_pcre.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index 68b112ab8f..877eecb152 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -560,7 +560,12 @@ static int preg_do_eval(char *eval_str, int eval_str_len, char *subject, in instead of the backref */ match = subject + offsets[backref<<1]; match_len = offsets[(backref<<1)+1] - offsets[backref<<1]; - esc_match = php_addslashes(match, match_len, &esc_match_len, 0); + if (match_len) + esc_match = php_addslashes(match, match_len, &esc_match_len, 0); + else { + esc_match = match; + esc_match_len = 0; + } sprintf(backref_buf, "\\%d", backref); new_code = php_str_to_str(code, code_len, backref_buf, (backref > 9) ? 3 : 2, @@ -570,7 +575,8 @@ static int preg_do_eval(char *eval_str, int eval_str_len, char *subject, walk = new_code + (walk - code) + match_len; /* Clean up and reassign */ - efree(esc_match); + if (esc_match_len) + efree(esc_match); efree(code); code = new_code; code_len = new_code_len; -- 2.40.0