jani Fri Nov 16 12:28:34 2007 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/mbstring/tests bug43301.phpt
Modified files:
/php-src NEWS
/php-src/ext/mbstring php_mbregex.c
Log:
MFH:- Fixed bug #43301 (mb_ereg*_replace() crashes when replacement string is
invalid PHP expression and 'e' option is used)
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1012&r2=1.2027.2.547.2.1013&diff_format=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.2027.2.547.2.1012 php-src/NEWS:1.2027.2.547.2.1013
--- php-src/NEWS:1.2027.2.547.2.1012 Thu Nov 15 18:58:43 2007
+++ php-src/NEWS Fri Nov 16 12:28:34 2007
@@ -1,6 +1,8 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 2008, PHP 5.2.6
+- Fixed bug #43301 (mb_ereg*_replace() crashes when replacement string is
invalid
+ PHP expression and 'e' option is used). (Jani)
- Fixed bug #43293 (Multiple segfaults in getopt()). (Hannes)
- Fixed bug #43279 (pg_send_query_params() converts all elements in 'params'
to strings). (Ilia)
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/php_mbregex.c?r1=1.53.2.1.2.4&r2=1.53.2.1.2.5&diff_format=u
Index: php-src/ext/mbstring/php_mbregex.c
diff -u php-src/ext/mbstring/php_mbregex.c:1.53.2.1.2.4
php-src/ext/mbstring/php_mbregex.c:1.53.2.1.2.5
--- php-src/ext/mbstring/php_mbregex.c:1.53.2.1.2.4 Thu Jan 11 22:23:20 2007
+++ php-src/ext/mbstring/php_mbregex.c Fri Nov 16 12:28:34 2007
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: php_mbregex.c,v 1.53.2.1.2.4 2007/01/11 22:23:20 tony2001 Exp $ */
+/* $Id: php_mbregex.c,v 1.53.2.1.2.5 2007/11/16 12:28:34 jani Exp $ */
#ifdef HAVE_CONFIG_H
@@ -737,7 +737,12 @@
/* null terminate buffer */
smart_str_appendc(&eval_buf, '\0');
/* do eval */
- zend_eval_string(eval_buf.c, &v, description
TSRMLS_CC);
+ if (zend_eval_string(eval_buf.c, &v,
description TSRMLS_CC) == FAILURE) {
+ efree(description);
+ php_error_docref(NULL
TSRMLS_CC,E_ERROR, "Failed evaluating code: %s%s", PHP_EOL, eval_buf.c);
+ /* zend_error() does not return in this
case */
+ }
+
/* result of eval */
convert_to_string(&v);
smart_str_appendl(&out_buf, Z_STRVAL(v),
Z_STRLEN(v));
http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/tests/bug43301.phpt?view=markup&rev=1.1
Index: php-src/ext/mbstring/tests/bug43301.phpt
+++ php-src/ext/mbstring/tests/bug43301.phpt
--TEST--
Bug #31911 (mb_ereg*_replace() crashes when replacement string is invalid PHP
expression and 'e' option is used)
--SKIPIF--
<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
--FILE--
<?php
$ptr = 'hello';
$txt = <<<doc
hello, I have got a cr*sh on you
doc;
echo mb_ereg_replace($ptr,'$1',$txt,'e');
?>
--EXPECTF--
Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in
%s/bug43301.php(%d) : mbregex replace on line 1
Fatal error: mb_ereg_replace(): Failed evaluating code:
$1 in %s/bug43301.php on line %d
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
