cmb69/0001-Fix-75457-heap-use-after-free-in-php7.0.25.patch Secret

## 0001-Fix-75457-heap-use-after-free-in-php7.0.25.patch
From 600d31e8dd9a06b7a299128c1efa8456a1a0bfb3 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 16 Aug 2019 14:29:19 +0200
Subject: [PATCH] Fix #75457: heap-use-after-free in php7.0.25

Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>.
---
 ext/pcre/pcrelib/pcre_compile.c | 11 ++++++++++-
 ext/pcre/tests/bug75457.phpt    | 10 ++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 ext/pcre/tests/bug75457.phpt

diff --git a/ext/pcre/pcrelib/pcre_compile.c b/ext/pcre/pcrelib/pcre_compile.c
index c7827745c8..402c4284d1 100644
--- a/ext/pcre/pcrelib/pcre_compile.c
+++ b/ext/pcre/pcrelib/pcre_compile.c
@@ -483,7 +483,7 @@ static const char error_texts[] =
   "lookbehind assertion is not fixed length\0"
   "malformed number or name after (?(\0"
   "conditional group contains more than two branches\0"
-  "assertion expected after (?(\0"
+  "assertion expected after (?( or (?(?C)\0"
   "(?R or (?[+-]digits must be followed by )\0"
   /* 30 */
   "unknown POSIX class name\0"
@@ -6732,6 +6732,15 @@ for (;; ptr++)
           for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break;
           if (ptr[i] == CHAR_RIGHT_PARENTHESIS)
             tempptr += i + 1;
+
+          /* tempptr should now be pointing to the opening parenthesis of the
+          assertion condition. */
+
+          if (*tempptr != CHAR_LEFT_PARENTHESIS)
+            {
+            *errorcodeptr = ERR28;
+            goto FAILED;
+            }
           }

         /* For conditions that are assertions, check the syntax, and then exit
diff --git a/ext/pcre/tests/bug75457.phpt b/ext/pcre/tests/bug75457.phpt
new file mode 100644
index 0000000000..4880440d38
--- /dev/null
+++ b/ext/pcre/tests/bug75457.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #75457 (heap-use-after-free in php7.0.25)
+--FILE--
+<?php
+$pattern = "/(((?(?C)0?=))(?!()0|.(?0)0)())/";
+var_dump(preg_match($pattern, "hello"));
+?>
+--EXPECT--
+Warning: preg_match(): Compilation failed: assertion expected after (?( or (?(?C) at offset 4 in C:\php-sdk\phpdev\vc14\x64\php-src-7.1\ext\pcre\tests\bug75457.php on line 3
+bool(false)
--
2.22.0.windows.1
	From 600d31e8dd9a06b7a299128c1efa8456a1a0bfb3 Mon Sep 17 00:00:00 2001
	From: "Christoph M. Becker" <cmbecker69@gmx.de>
	Date: Fri, 16 Aug 2019 14:29:19 +0200
	Subject: [PATCH] Fix #75457: heap-use-after-free in php7.0.25

	Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>.
	---
	ext/pcre/pcrelib/pcre_compile.c \| 11 ++++++++++-
	ext/pcre/tests/bug75457.phpt \| 10 ++++++++++
	2 files changed, 20 insertions(+), 1 deletion(-)
	create mode 100644 ext/pcre/tests/bug75457.phpt

	diff --git a/ext/pcre/pcrelib/pcre_compile.c b/ext/pcre/pcrelib/pcre_compile.c
	index c7827745c8..402c4284d1 100644
	--- a/ext/pcre/pcrelib/pcre_compile.c
	+++ b/ext/pcre/pcrelib/pcre_compile.c
	@@ -483,7 +483,7 @@ static const char error_texts[] =
	"lookbehind assertion is not fixed length\0"
	"malformed number or name after (?(\0"
	"conditional group contains more than two branches\0"
	- "assertion expected after (?(\0"
	+ "assertion expected after (?( or (?(?C)\0"
	"(?R or (?[+-]digits must be followed by )\0"
	/* 30 */
	"unknown POSIX class name\0"
	@@ -6732,6 +6732,15 @@ for (;; ptr++)
	for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break;
	if (ptr[i] == CHAR_RIGHT_PARENTHESIS)
	tempptr += i + 1;
	+
	+ /* tempptr should now be pointing to the opening parenthesis of the
	+ assertion condition. */
	+
	+ if (*tempptr != CHAR_LEFT_PARENTHESIS)
	+ {
	+ *errorcodeptr = ERR28;
	+ goto FAILED;
	+ }
	}

	/* For conditions that are assertions, check the syntax, and then exit
	diff --git a/ext/pcre/tests/bug75457.phpt b/ext/pcre/tests/bug75457.phpt
	new file mode 100644
	index 0000000000..4880440d38
	--- /dev/null
	+++ b/ext/pcre/tests/bug75457.phpt
	@@ -0,0 +1,10 @@
	+--TEST--
	+Bug #75457 (heap-use-after-free in php7.0.25)
	+--FILE--
	+<?php
	+$pattern = "/(((?(?C)0?=))(?!()0\|.(?0)0)())/";
	+var_dump(preg_match($pattern, "hello"));
	+?>
	+--EXPECT--
	+Warning: preg_match(): Compilation failed: assertion expected after (?( or (?(?C) at offset 4 in C:\php-sdk\phpdev\vc14\x64\php-src-7.1\ext\pcre\tests\bug75457.php on line 3
	+bool(false)
	--
	2.22.0.windows.1