Skip to content

Commit 15e5094

Browse files
weltlingweltling
committed
More error checks
1 parent 425c933 commit 15e5094

File tree

6 files changed

+27
-3
lines changed

6 files changed

+27
-3
lines changed

ext/fileinfo/libmagic/softmagic.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -426,8 +426,10 @@ check_fmt(struct magic_set *ms, struct magic *m)
426426
rv = -1;
427427
} else {
428428
pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(pce, php_pcre_gctx());
429-
rv = pcre2_match(pce, m->desc, strlen(m->desc), 0, re_options, match_data, php_pcre_mctx()) > 0;
430-
pcre2_match_data_free(match_data);
429+
if (match_data) {
430+
rv = pcre2_match(pce, m->desc, strlen(m->desc), 0, re_options, match_data, php_pcre_mctx()) > 0;
431+
pcre2_match_data_free(match_data);
432+
}
431433
}
432434
zend_string_release(pattern);
433435
(void)setlocale(LC_CTYPE, "");

ext/filter/logical_filters.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -446,6 +446,9 @@ void php_filter_validate_regexp(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
446446
RETURN_VALIDATION_FAILED
447447
}
448448
match_data = pcre2_match_data_create_from_pattern(re, php_pcre_gctx());
449+
if (!match_data) {
450+
RETURN_VALIDATION_FAILED
451+
}
449452
rc = pcre2_match(re, Z_STRVAL_P(value), Z_STRLEN_P(value), 0, preg_options, match_data, php_pcre_mctx());
450453
pcre2_match_data_free(match_data);
451454

@@ -631,6 +634,9 @@ void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
631634
}
632635
zend_string_release(sregexp);
633636
match_data = pcre2_match_data_create_from_pattern(re, php_pcre_gctx());
637+
if (!match_data) {
638+
RETURN_VALIDATION_FAILED
639+
}
634640
rc = pcre2_match(re, Z_STRVAL_P(value), Z_STRLEN_P(value), 0, preg_options, match_data, php_pcre_mctx());
635641
pcre2_match_data_free(match_data);
636642

ext/opcache/zend_accelerator_blacklist.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -349,6 +349,10 @@ zend_bool zend_accel_blacklist_is_blacklisted(zend_blacklist *blacklist, char *v
349349
}
350350
while (regexp_list_it != NULL) {
351351
pcre2_match_data *match_data = pcre2_match_data_create_from_pattern(regexp_list_it->re, gctx);
352+
if (!match_data) {
353+
/* Alloc failed, but next one could still come through and match. */
354+
continue;
355+
}
352356
int rc = pcre2_match(regexp_list_it->re, verify_path, strlen(verify_path), 0, 0, match_data, mctx);
353357
if (rc >= 0) {
354358
ret = 1;

ext/pgsql/pgsql.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5791,6 +5791,11 @@ static int php_pgsql_convert_match(const char *str, size_t str_len, const char *
57915791
}
57925792

57935793
match_data = pcre2_match_data_create_from_pattern(re, php_pcre_gctx());
5794+
if (NULL == match_data) {
5795+
pcre2_code_free(re);
5796+
php_error_docref(NULL, E_WARNING, "Cannot allocate match data");
5797+
return FAILURE;
5798+
}
57945799
res = pcre2_match(re, str, str_len, 0, 0, match_data, php_pcre_mctx());
57955800
pcre2_match_data_free(match_data);
57965801
pcre2_code_free(re);

ext/spl/spl_iterators.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2062,7 +2062,9 @@ SPL_METHOD(RegexIterator, accept)
20622062
case REGIT_MODE_MATCH:
20632063
re = php_pcre_pce_re(intern->u.regex.pce);
20642064
match_data = pcre2_match_data_create_from_pattern(re, php_pcre_gctx());
2065-
/* XXX error check. */
2065+
if (!match_data) {
2066+
RETURN_FALSE;
2067+
}
20662068
rc = pcre2_match(re, ZSTR_VAL(subject), ZSTR_LEN(subject), 0, 0, match_data, php_pcre_mctx());
20672069
RETVAL_BOOL(rc >= 0);
20682070
pcre2_match_data_free(match_data);

ext/zip/php_zip.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -699,6 +699,11 @@ int php_zip_pcre(zend_string *regexp, char *path, int path_len, zval *return_val
699699
}
700700

701701
match_data = pcre2_match_data_create_from_pattern(re, gctx);
702+
if (!match_data) {
703+
/* Allocation failed, but can proceed to the next pattern. */
704+
zend_string_release(namelist[i]);
705+
continue;
706+
}
702707
rc = pcre2_match(re, ZSTR_VAL(namelist[i]), ZSTR_LEN(namelist[i]), 0, preg_options, match_data, mctx);
703708
pcre2_match_data_free(match_data);
704709
/* 0 means that the vector is too small to hold all the captured substring offsets */

0 commit comments

Comments
 (0)