Fix #78633: Heap buffer overflow (read) in mb_eregi

We backport kkos/oniguruma@15c4228.

Author: cmb69

ext/mbstring/oniguruma/src/regcomp.c

@@ -724,8 +724,8 @@ add_compile_string(UChar* s, int mb_len, int str_len,
     COP(reg)->exact_n.s = p;
   }
   else {
+    xmemset(COP(reg)->exact.s, 0, sizeof(COP(reg)->exact.s));
     xmemcpy(COP(reg)->exact.s, s, (size_t )byte_len);
-    COP(reg)->exact.s[byte_len] = '\0';
   }
 
   return 0;

ext/mbstring/oniguruma/src/regexec.c

@@ -2900,6 +2900,7 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
           DATA_ENSURE(0);
           q = lowbuf;
           while (len-- > 0) {
+            if (ps >= endp) goto fail;
             if (*ps != *q) goto fail;
             ps++; q++;
           }

ext/mbstring/tests/bug78633.phpt

@@ -0,0 +1,13 @@
+--TEST--
+Bug #78633 (Heap buffer overflow (read) in mb_eregi)
+--SKIPIF--
+<?php
+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
+if (!function_exists('mb_eregi')) die('skip mb_eregi function not available');
+?>
+--FILE--
+<?php
+var_dump(mb_eregi(".+Isssǰ", ".+Isssǰ"));
+?>
+--EXPECT--
+bool(false)