From c3f9b494aaa6bf63a9b9957894532e80b7a4cd54 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sat, 19 Sep 2020 12:37:57 +0200
Subject: [PATCH] Fix #80118: Erroneous whitespace match with JIT only

We port r1273[1] from PCRE2.

[1] <https://vcs.pcre.org/pcre2?revision=1273&view=revision>
---
 ext/pcre/pcre2lib/pcre2_jit_compile.c | 36 +++++++++++++++++++++------
 ext/pcre/tests/bug80118.phpt          | 10 ++++++++
 2 files changed, 38 insertions(+), 8 deletions(-)
 create mode 100644 ext/pcre/tests/bug80118.phpt

diff --git a/ext/pcre/pcre2lib/pcre2_jit_compile.c b/ext/pcre/pcre2lib/pcre2_jit_compile.c
index 8e51576ac68de..61aa019d10124 100644
--- a/ext/pcre/pcre2lib/pcre2_jit_compile.c
+++ b/ext/pcre/pcre2lib/pcre2_jit_compile.c
@@ -7594,25 +7594,43 @@ if (needstype || needsscript)
       }
 
     cc = ccbegin;
-    }
 
-  if (needschar)
-    OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+    if (needstype)
+      {
+      /* TMP2 has already been shifted by 2 */
+      if (!needschar)
+        {
+        OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0);
+        OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0);
+
+        OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
+        }
+      else
+        {
+        OP2(SLJIT_ADD, TMP1, 0, TMP2, 0, TMP2, 0);
+        OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0);
 
-  if (needstype)
+        OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+        OP1(SLJIT_MOV_U8, RETURN_ADDR, 0, SLJIT_MEM1(TMP2), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
+        typereg = RETURN_ADDR;
+        }
+      }
+    else if (needschar)
+      OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
+    }
+  else if (needstype)
     {
+    OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3);
+    OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2);
+
     if (!needschar)
       {
-      OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 3);
-      OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 2);
       OP2(SLJIT_ADD, TMP1, 0, TMP1, 0, TMP2, 0);
 
       OP1(SLJIT_MOV_U8, TMP1, 0, SLJIT_MEM1(TMP1), (sljit_sw)PRIV(ucd_records) + SLJIT_OFFSETOF(ucd_record, chartype));
       }
     else
       {
-      OP2(SLJIT_SHL, TMP1, 0, TMP2, 0, SLJIT_IMM, 2);
-      OP2(SLJIT_SHL, TMP2, 0, TMP2, 0, SLJIT_IMM, 3);
       OP2(SLJIT_ADD, TMP2, 0, TMP2, 0, TMP1, 0);
 
       OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
@@ -7620,6 +7638,8 @@ if (needstype || needsscript)
       typereg = RETURN_ADDR;
       }
     }
+  else if (needschar)
+    OP1(SLJIT_MOV, TMP1, 0, RETURN_ADDR, 0);
   }
 #endif /* SUPPORT_UNICODE */
 
diff --git a/ext/pcre/tests/bug80118.phpt b/ext/pcre/tests/bug80118.phpt
new file mode 100644
index 0000000000000..5de66076e0437
--- /dev/null
+++ b/ext/pcre/tests/bug80118.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Bug #80118 (Erroneous whitespace match with JIT only)
+--FILE--
+<?php
+preg_match('~[^\p{Han}\p{Z}]~u', '     ', $matches);
+var_dump($matches);
+?>
+--EXPECT--
+array(0) {
+}