File php-CVE-2016-5768.patch of Package php5

Overview Repositories Revisions Requests Users Attributes Meta

File php-CVE-2016-5768.patch of Package php5

Index: php-5.6.1/ext/mbstring/php_mbregex.c
===================================================================
--- php-5.6.1.orig/ext/mbstring/php_mbregex.c	2014-10-01 11:17:38.000000000 +0200
+++ php-5.6.1/ext/mbstring/php_mbregex.c	2016-06-27 08:50:18.292398631 +0200
@@ -953,7 +953,7 @@ static void _php_mb_regex_ereg_replace_e
 				eval_buf.len = 0;
 				zval_dtor(&v);
 			} else if (is_callable) {
-				zval *retval_ptr;
+				zval *retval_ptr = NULL;
 				zval **args[1];
 				zval *subpats;
 				int i;
@@ -972,13 +972,12 @@ static void _php_mb_regex_ereg_replace_e
 				arg_replace_fci.param_count = 1;
 				arg_replace_fci.params = args;
 				arg_replace_fci.retval_ptr_ptr = &retval_ptr;
-				if (zend_call_function(&arg_replace_fci, &arg_replace_fci_cache TSRMLS_CC) == SUCCESS && arg_replace_fci.retval_ptr_ptr) {
+				if (zend_call_function(&arg_replace_fci, &arg_replace_fci_cache TSRMLS_CC) == SUCCESS && arg_replace_fci.retval_ptr_ptr && retval_ptr) {
 					convert_to_string_ex(&retval_ptr);
 					smart_str_appendl(&out_buf, Z_STRVAL_P(retval_ptr), Z_STRLEN_P(retval_ptr));
 					eval_buf.len = 0;
 					zval_ptr_dtor(&retval_ptr);
 				} else {
-					efree(description);
 					if (!EG(exception)) {
 						php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to call custom replacement function");
 					}

Places

File php-CVE-2016-5768.patch of Package php5

Places