From 3d5641872239cbd4ec8855b05c90f94fb0d11d7e Mon Sep 17 00:00:00 2001
From: Xinchen Hui <laruence@gmail.com>
Date: Mon, 13 Jun 2016 18:20:26 -0700
Subject: Fixed bug #72399 (Use-After-Free in MBString (search_re))

---
 ext/mbstring/php_mbregex.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ext/mbstring/php_mbregex.c')

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 73c94da5e9..c1f9fc2560 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -459,8 +459,12 @@ static php_mb_regex_t *php_mbregex_compile_pattern(const char *pattern, int patl
 			retval = NULL;
 			goto out;
 		}
+		if (rc == MBREX(search_re)) {
+			/* reuse the new rc? see bug #72399 */
+			MBREX(search_re) = NULL;
+		}
 		zend_hash_str_update_ptr(&MBREX(ht_rc), (char *)pattern, patlen, retval);
-	} else if (rc) {
+	} else {
 		retval = rc;
 	}
 out:
-- 
cgit v1.2.1