Prevent regex cache reuse when JIT flag does not match

Author: mvorisek

ext/pcre/php_pcre.c

@@ -638,10 +638,15 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache_ex(zend_string *regex, in
 	   back the compiled pattern, otherwise go on and compile it. */
 	zv = zend_hash_find(&PCRE_G(pcre_cache), key);
 	if (zv) {
-		if (key != regex) {
-			zend_string_release_ex(key, 0);
+		pcre_cache_entry *pce = (pcre_cache_entry*)Z_PTR_P(zv);
+		if (!(pce->preg_options & PREG_JIT) == !PCRE_G(jit)) {
+			if (key != regex) {
+				zend_string_release_ex(key, 0);
+			}
+			return pce;
+		} else {
+			zend_hash_del(&PCRE_G(pcre_cache), key);
 		}
-		return (pcre_cache_entry*)Z_PTR_P(zv);
 	}
 
 	p = ZSTR_VAL(regex);

ext/pcre/tests/gh11374.phpt

@@ -0,0 +1,32 @@
+--TEST--
+GH-11374 PCRE cache entry cannot be reused when PCRE JIT flag has changed
+--SKIPIF--
+<?php
+if (ini_get("pcre.jit") === false) {
+    die("skip no jit built");
+}
+--FILE--
+<?php
+
+// testing if PCRE cache entry was reused or not is not possible from userland, so instead we test
+// if PCRE JIT flag can be cleared and the pcre_match pass
+
+foreach ([true, false, true] as $pcreJit) {
+    ini_set('pcre.jit', $pcreJit ? '1' : '0');
+    var_dump(ini_get('pcre.jit'));
+
+    var_dump(preg_match('/^a(b+)/', 'abbc', $matches));
+    var_dump($matches === ['abb', 'bb']);
+}
+
+?>
+--EXPECT--
+string(1) "1"
+int(1)
+bool(true)
+string(1) "0"
+int(1)
+bool(true)
+string(1) "1"
+int(1)
+bool(true)