php · yohgaki · Sep 1, 2016 · Sep 1, 2016 · Sep 1, 2016 · Sep 5, 2016
@@ -1473,6 +1473,27 @@ static PHP_INI_MH(OnUpdate_mbstring_http_output_conv_mimetypes)
 	return SUCCESS;
 }
 /* }}} */
+
+#if HAVE_MBREGEX
+/* {{{ static PHP_INI_MH(OnUpdate_regex_stack_limit */
+static PHP_INI_MH(OnUpdate_regex_stack_limit)
+{
+	zend_long stack_limit;
+
+	stack_limit = atol(ZSTR_VAL(new_value));
+	if (stack_limit > 0 && stack_limit <= UINT_MAX) {
+		onig_set_match_stack_limit_size(stack_limit);
+	} else if (stack_limit <= 0) {
+		onig_set_match_stack_limit_size(UINT_MAX);
+	} else {
+		php_error_docref("ref.mbstring", E_WARNING, "mbstring.regex_stack_limit exceeds UNIT_MAX");
+		return FAILURE;
+	}
+
+	return SUCCESS;
+}
+#endif
+/* }}} */
 /* }}} */
 
 /* {{{ php.ini directive registration */
@@ -1499,6 +1520,9 @@ PHP_INI_BEGIN()
 		PHP_INI_ALL,
 		OnUpdateLong,
 		strict_detection, zend_mbstring_globals, mbstring_globals)
+#if HAVE_MBREGEX
+	PHP_INI_ENTRY("mbstring.regex_stack_limit", "100000", PHP_INI_ALL, OnUpdate_regex_stack_limit)
+#endif
 PHP_INI_END()
 /* }}} */
 

@@ -0,0 +1,24 @@
+--TEST--
+Test oniguruma stack limit
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+$s = str_repeat(' ', 30000);
+
+ini_set('mbstring.regex_stack_limit', 10000);
+var_dump(mb_ereg('\\s+$', $s));
+
+ini_set('mbstring.regex_stack_limit', 30000);
+var_dump(mb_ereg('\\s+$', $s));
+
+ini_set('mbstring.regex_stack_limit', 30001);
+var_dump(mb_ereg('\\s+$', $s));
+
+echo 'OK';
+?>
+--EXPECT--
+bool(false)
+bool(false)
+int(1)
+OK
@@ -0,0 +1,25 @@
+--TEST--
+Test oniguruma stack limit
+--SKIPIF--
+<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?>
+--FILE--
+<?php
+function mb_trim( $string, $chars = "", $chars_array = array() )
+{
+    for( $x=0; $x<iconv_strlen( $chars ); $x++ ) $chars_array[] = preg_quote( iconv_substr( $chars, $x, 1 ) );
+    $encoded_char_list = implode( "|", array_merge( array( "\s","\t","\n","\r", "\0", "\x0B" ), $chars_array ) );
+
+    $string = mb_ereg_replace( "^($encoded_char_list)*", "", $string );
+    $string = mb_ereg_replace( "($encoded_char_list)*$", "", $string );
+    return $string;
+}
+
+ini_set('mbstring.regex_stack_limit', 10000);
+var_dump(mb_trim(str_repeat(' ', 10000)));
+
+echo 'OK';
+?>
+--EXPECTF--
+Warning: mb_ereg_replace(): mbregex search failure in php_mbereg_replace_exec(): match-stack limit over in %s on line %d
+string(0) ""
+OK