# Source: upstream
# http://git.php.net/?p=php-src.git;a=patch;h=03964892c054d0c736414c10b3edc7a40318b975
# https://bugs.php.net/bug.php?id=70345
# Security
# Patch regenerated

--- ./php_pcre.c.orig	2015-09-11 14:09:24.834992504 -0700
+++ php-5.6.8/ext/pcre/php_pcre.c	2015-09-11 14:09:35.050782098 -0700
@@ -681,7 +681,7 @@
 			/* If subpatterns array has been passed, fill it in with values. */
 			if (subpats != NULL) {
 				/* Try to get the list of substrings and display a warning if failed. */
-				if (pcre_get_substring_list(subject, offsets, count, &stringlist) < 0) {
+				if ((offsets[1] - offsets[0] < 0) || pcre_get_substring_list(subject, offsets, count, &stringlist) < 0) {
 					efree(subpat_names);
 					efree(offsets);
 					if (match_sets) efree(match_sets);
@@ -1136,7 +1136,7 @@
 
 		piece = subject + start_offset;
 
-		if (count > 0 && (limit == -1 || limit > 0)) {
+		if (count > 0 && (offsets[1] - offsets[0] >= 0) && (limit == -1 || limit > 0)) {
 			if (replace_count) {
 				++*replace_count;
 			}
@@ -1589,7 +1589,7 @@
 		}
 				
 		/* If something matched */
-		if (count > 0) {
+		if (count > 0 && (offsets[1] - offsets[0] >= 0)) {
 			if (!no_empty || &subject[offsets[0]] != last_match) {
 
 				if (offset_capture) {
diff --git a/ext/pcre/tests/bug70345.phpt b/ext/pcre/tests/bug70345.phpt
new file mode 100644
index 0000000..0947ba3
--- /dev/null
+++ b/ext/pcre/tests/bug70345.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #70345 (Multiple vulnerabilities related to PCRE functions)
+--FILE--
+<?php
+$regex = '/(?=xyz\K)/';
+$subject = "aaaaxyzaaaa";
+
+$v = preg_split($regex, $subject);
+print_r($v);
+
+$regex = '/(a(?=xyz\K))/';
+$subject = "aaaaxyzaaaa";
+preg_match($regex, $subject, $matches);
+
+var_dump($matches);
+--EXPECTF--
+Array
+(
+    [0] => aaaaxyzaaaa
+)
+
+Warning: preg_match(): Get subpatterns list failed in %s on line %d
+array(0) {
+}
-- 
2.1.4