Backport 7f5f460 for 7.2

Author: weltling

ext/fileinfo/libmagic/apprentice.c

@@ -2524,18 +2524,19 @@ getvalue(struct magic_set *ms, struct magic *m, const char **p, int action)
 			return -1;
 		}
 		if (m->type == FILE_REGEX) {
-			/*  XXX do we need this? */
-			/*zval pattern;
+			zval pattern;
 			int options = 0;
 			pcre_cache_entry *pce;
 
 			convert_libmagic_pattern(&pattern, m->value.s, strlen(m->value.s), options);
 
 			if ((pce = pcre_get_compiled_regex_cache(Z_STR(pattern))) == NULL) {
+				zval_dtor(&pattern);
 				return -1;	
 			}
+			zval_dtor(&pattern);
 
-			return 0;*/
+			return 0;
 		}
 		return 0;
 	case FILE_FLOAT:

ext/fileinfo/libmagic/softmagic.c

@@ -1203,28 +1203,21 @@ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
 				return 0;
 			}
 
-			/* bytecnt checks are to be kept for PHP, see cve-2014-3538.
-			 PCRE might get stuck if the input buffer is too big. */
-			linecnt = m->str_range;
-			bytecnt = linecnt * 80;
-
-			if (bytecnt == 0) {
-				bytecnt = 1 << 14;
+			if (m->str_flags & REGEX_LINE_COUNT) {
+				linecnt = m->str_range;
+				bytecnt = linecnt * 80;
+			} else {
+				linecnt = 0;
+				bytecnt = m->str_range;
 			}
 
-			if (bytecnt > nbytes) {
-				bytecnt = nbytes;
-			}
-			if (offset > bytecnt) {
-				offset = bytecnt;
-			}
-			if (s == NULL) {
-				ms->search.s_len = 0;
-				ms->search.s = NULL;
-				return 0;
-			}
+			if (bytecnt == 0 || bytecnt > nbytes - offset)
+				bytecnt = nbytes - offset;
+			if (bytecnt > ms->regex_max)
+				bytecnt = ms->regex_max;
+
 			buf = RCAST(const char *, s) + offset;
-			end = last = RCAST(const char *, s) + bytecnt;
+			end = last = RCAST(const char *, s) + bytecnt + offset;
 			/* mget() guarantees buf <= last */
 			for (lines = linecnt, b = buf; lines && b < end &&
 			     ((b = CAST(const char *,