cmb69/.patch Secret

## .patch
From 5c97d829180f99af9e0defd7beea2367c32cdd84 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 4 Oct 2019 19:02:37 +0200
Subject: [PATCH] Fix #78633: Heap buffer overflow (read) in mb_eregi

We backport kkos/oniguruma@15c4228aa2ffa02140a99912dd3177df0b1841c6.
---
 ext/mbstring/oniguruma/src/regcomp.c |  2 +-
 ext/mbstring/oniguruma/src/regexec.c |  1 +
 ext/mbstring/tests/bug78633.phpt     | 13 +++++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 ext/mbstring/tests/bug78633.phpt

diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c
index d1fbd1376e..e91bdec206 100644
--- a/ext/mbstring/oniguruma/src/regcomp.c
+++ b/ext/mbstring/oniguruma/src/regcomp.c
@@ -724,8 +724,8 @@ add_compile_string(UChar* s, int mb_len, int str_len,
     COP(reg)->exact_n.s = p;
   }
   else {
+    xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s));
     xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len);
-    COP(reg)->exact.s[byte_len] = '\0';
   }

   return 0;
diff --git a/ext/mbstring/oniguruma/src/regexec.c b/ext/mbstring/oniguruma/src/regexec.c
index 32c750b1f1..a4809baf5d 100644
--- a/ext/mbstring/oniguruma/src/regexec.c
+++ b/ext/mbstring/oniguruma/src/regexec.c
@@ -2900,6 +2900,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
           DATA_ENSURE(0);
           q = lowbuf;
           while (len-- > 0) {
+            if (ps >= endp) goto fail;
             if (*ps != *q) goto fail;
             ps++; q++;
           }
diff --git a/ext/mbstring/tests/bug78633.phpt b/ext/mbstring/tests/bug78633.phpt
new file mode 100644
index 0000000000..3ff69a1867
--- /dev/null
+++ b/ext/mbstring/tests/bug78633.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #78633 (Heap buffer overflow (read) in mb_eregi)
+--SKIPIF--
+<?php
+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
+if (!function_exists('mb_eregi')) die('skip mb_eregi function not available');
+?>
+--FILE--
+<?php
+var_dump(mb_eregi(".+Isssǰ", ".+Isssǰ"));
+?>
+--EXPECT--
+bool(false)
--
2.23.0.windows.1
	From 5c97d829180f99af9e0defd7beea2367c32cdd84 Mon Sep 17 00:00:00 2001
	From: "Christoph M. Becker" <cmbecker69@gmx.de>
	Date: Fri, 4 Oct 2019 19:02:37 +0200
	Subject: [PATCH] Fix #78633: Heap buffer overflow (read) in mb_eregi

	We backport kkos/oniguruma@15c4228aa2ffa02140a99912dd3177df0b1841c6.
	---
	ext/mbstring/oniguruma/src/regcomp.c \| 2 +-
	ext/mbstring/oniguruma/src/regexec.c \| 1 +
	ext/mbstring/tests/bug78633.phpt \| 13 +++++++++++++
	3 files changed, 15 insertions(+), 1 deletion(-)
	create mode 100644 ext/mbstring/tests/bug78633.phpt

	diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c
	index d1fbd1376e..e91bdec206 100644
	--- a/ext/mbstring/oniguruma/src/regcomp.c
	+++ b/ext/mbstring/oniguruma/src/regcomp.c
	@@ -724,8 +724,8 @@ add_compile_string(UChar* s, int mb_len, int str_len,
	COP(reg)->exact_n.s = p;
	}
	else {
	+ xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s));
	xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len);
	- COP(reg)->exact.s[byte_len] = '\0';
	}

	return 0;
	diff --git a/ext/mbstring/oniguruma/src/regexec.c b/ext/mbstring/oniguruma/src/regexec.c
	index 32c750b1f1..a4809baf5d 100644
	--- a/ext/mbstring/oniguruma/src/regexec.c
	+++ b/ext/mbstring/oniguruma/src/regexec.c
	@@ -2900,6 +2900,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
	DATA_ENSURE(0);
	q = lowbuf;
	while (len-- > 0) {
	+ if (ps >= endp) goto fail;
	if (ps != q) goto fail;
	ps++; q++;
	}
	diff --git a/ext/mbstring/tests/bug78633.phpt b/ext/mbstring/tests/bug78633.phpt
	new file mode 100644
	index 0000000000..3ff69a1867
	--- /dev/null
	+++ b/ext/mbstring/tests/bug78633.phpt
	@@ -0,0 +1,13 @@
	+--TEST--
	+Bug #78633 (Heap buffer overflow (read) in mb_eregi)
	+--SKIPIF--
	+<?php
	+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
	+if (!function_exists('mb_eregi')) die('skip mb_eregi function not available');
	+?>
	+--FILE--
	+<?php
	+var_dump(mb_eregi(".+Isssǰ", ".+Isssǰ"));
	+?>
	+--EXPECT--
	+bool(false)
	--
	2.23.0.windows.1