From 60bf71d3e787fc4b38f2e7b22a137f5fe9582947 Mon Sep 17 00:00:00 2001
From: Zhou Qingyang
Date: Tue, 29 Mar 2022 22:48:34 +0800
Subject: [PATCH] Fix a NULL pointer dereference bug lead by php_pcre_replace_impl()
php_pcre_replace_impl() will return NULL on failure. However in the function zim_RegexIterator_accept(), the return value of php_pcre_replace_impl() is directly used without any check, which could lead to NULL pointer dereference. Fix this by adding a NULL check.
---
 ext/spl/spl_iterators.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/ext/spl/spl_iterators.c b/ext/spl/spl_iterators.c
index 73c6a87e213b2..72ea8901665f1 100644
--- a/ext/spl/spl_iterators.c
+++ b/ext/spl/spl_iterators.c
@@ -1880,6 +1880,9 @@ PHP_METHOD(RegexIterator, accept)
 }
 result = php_pcre_replace_impl(intern->u.regex.pce, subject, ZSTR_VAL(subject), ZSTR_LEN(subject), replacement_str, -1, &count);
+ if (!result) {
+ RETURN_FALSE;
+ }
 if (intern->u.regex.flags & REGIT_USE_KEY) {
 zval_ptr_dtor(&intern->current.key);
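Review bot: The early `RETURN_FALSE;` added after the php_pcre_replace_impl() call leaves the method without touching `replacement_str` or `subject`, both of which are live at that point. The hunk does not show how they are obtained or released. If this method holds its own reference to either string, the failure path skips whatever release happens further down, so each failing replace would leak. In that case release them in the new branch before returning, e.g. `zend_string_release(replacement_str);` and `zend_string_release(subject);` ahead of `RETURN_FALSE;`. The body of PHP_METHOD(RegexIterator, accept) starts and ends outside this hunk, so confirm the ownership against the full function.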