UBSan address overflowed in ext/pcre/php_pcre.c

[YuanchengJiang]

Description

The following code:

<?php
$string = 'This is a string. It contains numbers (0*9) as well as parentheses and some other things!';
$fusion = preg_replace(array('/\b\w{1}s/', '/(\d{1})*(\d{1})/', '/[\(!\)]/'), array('test', '$1 to $2', '*'), $string);

Resulted in this output:

/php-src/ext/pcre/php_pcre.c:1753:49: runtime error: addition of unsigned offset to 0x7fefcf8491f8 overflowed to 0x7fefcf8491f7
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /php-src/ext/pcre/php_pcre.c:1753:49

PHP Version

PHP 8.4.0-dev

Operating System

ubuntu 22.04

[nielsdos]

Looks like the offset for the copy is incorrectly used.
Edit: oh it's just the offset being -1. I'll check tonight what we need to do in that case.