mirror of
https://github.com/php/php-src.git
synced 2024-09-22 02:17:32 +00:00
Apply upstream patch for CVE-2016-1283
Fix bug #75207, see also https://bugzilla.redhat.com/show_bug.cgi?id=1295385 https://vcs.pcre.org/pcre?view=revision&revision=1636
This commit is contained in:
parent
29e673f8ed
commit
d11fceab15
@ -7272,7 +7272,12 @@ for (;; ptr++)
|
||||
so far in order to get the number. If the name is not found, leave
|
||||
the value of recno as 0 for a forward reference. */
|
||||
|
||||
else
|
||||
/* This patch (removing "else") fixes a problem when a reference is
|
||||
to multiple identically named nested groups from within the nest.
|
||||
Once again, it is not the "proper" fix, and it results in an
|
||||
over-allocation of memory. */
|
||||
|
||||
/* else */
|
||||
{
|
||||
ng = cd->named_groups;
|
||||
for (i = 0; i < cd->names_found; i++, ng++)
|
||||
|
10
ext/pcre/tests/bug75207.phpt
Normal file
10
ext/pcre/tests/bug75207.phpt
Normal file
@ -0,0 +1,10 @@
|
||||
--TEST--
|
||||
CVE-2016-1283, see bug #75207
|
||||
--FILE--
|
||||
<?php
|
||||
preg_match("/(?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/", "*b\dc");
|
||||
?>
|
||||
==DONE==
|
||||
--EXPECTF--
|
||||
Warning: preg_match(): Compilation failed: unmatched parentheses at offset %d in %s on line %d
|
||||
==DONE==
|
Loading…
Reference in New Issue
Block a user