From f7048d092515fabc3469429eaa249cfce5b1d43a Mon Sep 17 00:00:00 2001
From: Felipe Pena
Date: Mon, 21 Nov 2011 19:15:18 +0000
Subject: - Fixed possible crash in mb_ereg_search_init() using empty pattern

---
 ext/mbstring/php_mbregex.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'ext/mbstring/php_mbregex.c')

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 9617487c8b..e28bdc4560 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -1245,14 +1245,19 @@ PHP_FUNCTION(mb_ereg_search_init)
 {
 size_t argc = ZEND_NUM_ARGS();
 zval *arg_str;
- char *arg_pattern, *arg_options;
- int arg_pattern_len, arg_options_len;
+ char *arg_pattern = NULL, *arg_options = NULL;
+ int arg_pattern_len = 0, arg_options_len = 0;
 OnigSyntaxType *syntax = NULL;
 OnigOptionType option;
 
 if (zend_parse_parameters(argc TSRMLS_CC, "z|ss", &arg_str, &arg_pattern, &arg_pattern_len, &arg_options, &arg_options_len) == FAILURE) {
 return;
 }
+
+ if (arg_pattern_len == 0) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Empty pattern");
+ RETURN_FALSE;
+ }
 
 option = MBREX(regex_default_options);
 syntax = MBREX(regex_default_syntax);
-- cgit v1.2.1
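Review bot: The new `arg_pattern_len == 0` guard also fires when the pattern argument is omitted altogether, because the format string `z|ss` makes it optional and the length now defaults to 0, so a call passing only the subject string gets the "Empty pattern" warning and FALSE. If a one-argument call is meant to stay valid (the rest of the function lies outside the hunk, so this is inferred), gate the check on the argument count: `if (argc > 1 && arg_pattern_len == 0) {`. The NULL/0 initializers themselves are the right fix for reading indeterminate values when the optional arguments are absent, and a short comment saying that above the declarations would keep a later cleanup from removing them.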