--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php/php56/patches/70345.patch Thu Nov 19 22:52:15 2015 -0800
@@ -0,0 +1,69 @@
+# Source: upstream
+# http://git.php.net/?p=php-src.git;a=patch;h=03964892c054d0c736414c10b3edc7a40318b975
+# https://bugs.php.net/bug.php?id=70345
+# Security
+# Patch regenerated
+
+--- ./php_pcre.c.orig 2015-09-11 14:09:24.834992504 -0700
++++ php-5.6.8/ext/pcre/php_pcre.c 2015-09-11 14:09:35.050782098 -0700
+@@ -681,7 +681,7 @@
+ /* If subpatterns array has been passed, fill it in with values. */
+ if (subpats != NULL) {
+ /* Try to get the list of substrings and display a warning if failed. */
+- if (pcre_get_substring_list(subject, offsets, count, &stringlist) < 0) {
++ if ((offsets[1] - offsets[0] < 0) || pcre_get_substring_list(subject, offsets, count, &stringlist) < 0) {
+ efree(subpat_names);
+ efree(offsets);
+ if (match_sets) efree(match_sets);
+@@ -1136,7 +1136,7 @@
+
+ piece = subject + start_offset;
+
+- if (count > 0 && (limit == -1 || limit > 0)) {
++ if (count > 0 && (offsets[1] - offsets[0] >= 0) && (limit == -1 || limit > 0)) {
+ if (replace_count) {
+ ++*replace_count;
+ }
+@@ -1589,7 +1589,7 @@
+ }
+
+ /* If something matched */
+- if (count > 0) {
++ if (count > 0 && (offsets[1] - offsets[0] >= 0)) {
+ if (!no_empty || &subject[offsets[0]] != last_match) {
+
+ if (offset_capture) {
+diff --git a/ext/pcre/tests/bug70345.phpt b/ext/pcre/tests/bug70345.phpt
+new file mode 100644
+index 0000000..0947ba3
+--- /dev/null
++++ b/ext/pcre/tests/bug70345.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++Bug #70345 (Multiple vulnerabilities related to PCRE functions)
++--FILE--
++<?php
++$regex = '/(?=xyz\K)/';
++$subject = "aaaaxyzaaaa";
++
++$v = preg_split($regex, $subject);
++print_r($v);
++
++$regex = '/(a(?=xyz\K))/';
++$subject = "aaaaxyzaaaa";
++preg_match($regex, $subject, $matches);
++
++var_dump($matches);
++--EXPECTF--
++Array
++(
++ [0] => aaaaxyzaaaa
++)
++
++Warning: preg_match(): Get subpatterns list failed in %s on line %d
++array(0) {
++}
+--
+2.1.4
+
+