cmb69/0001-Fix-79150-memcpy-param-overlap-caused-by-zif_mb_conv.patch Secret

## 0001-Fix-79150-memcpy-param-overlap-caused-by-zif_mb_conv.patch
From 860ac0a204d6f5095c81d2f40f09745c90446099 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 21 Jan 2020 17:18:40 +0100
Subject: [PATCH] Fix #79150: memcpy-param-overlap caused by
 zif_mb_convert_encoding

We must not assume that `hash_entry` `IS_STRING`, but rather use
`encoding_str` which is guaranteed to be.
---
 ext/mbstring/mbstring.c          |  6 +++---
 ext/mbstring/tests/bug79150.phpt | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 ext/mbstring/tests/bug79150.phpt

diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index a18d237df2..c0ba05cba3 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -3369,12 +3369,12 @@ PHP_FUNCTION(mb_convert_encoding)

 					if ( _from_encodings) {
 						l = strlen(_from_encodings);
-						n = strlen(Z_STRVAL_P(hash_entry));
+						n = strlen(ZSTR_VAL(encoding_str));
 						_from_encodings = erealloc(_from_encodings, l+n+2);
 						memcpy(_from_encodings + l, ",", 1);
-						memcpy(_from_encodings + l + 1, Z_STRVAL_P(hash_entry), Z_STRLEN_P(hash_entry) + 1);
+						memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), ZSTR_LEN(encoding_str) + 1);
 					} else {
-						_from_encodings = estrdup(Z_STRVAL_P(hash_entry));
+						_from_encodings = estrdup(ZSTR_VAL(encoding_str));
 					}
 					zend_string_release(encoding_str);
 				} ZEND_HASH_FOREACH_END();
diff --git a/ext/mbstring/tests/bug79150.phpt b/ext/mbstring/tests/bug79150.phpt
new file mode 100644
index 0000000000..25c06bd956
--- /dev/null
+++ b/ext/mbstring/tests/bug79150.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #79150 (memcpy-param-overlap caused by zif_mb_convert_encoding)
+--SKIPIF--
+<?php
+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
+?>
+--FILE--
+<?php
+var_dump(mb_convert_encoding('foo', 'UTF-8', array(['bar'], ['baz'])));
+?>
+--EXPECTF--
+Notice: Array to string conversion in %s on line %d
+
+Notice: Array to string conversion in %s on line %d
+
+Warning: mb_convert_encoding(): Illegal character encoding specified in %s on line %d
+string(3) "foo"
--
2.25.0.windows.1
	From 860ac0a204d6f5095c81d2f40f09745c90446099 Mon Sep 17 00:00:00 2001
	From: "Christoph M. Becker" <cmbecker69@gmx.de>
	Date: Tue, 21 Jan 2020 17:18:40 +0100
	Subject: [PATCH] Fix #79150: memcpy-param-overlap caused by
	zif_mb_convert_encoding

	We must not assume that `hash_entry` `IS_STRING`, but rather use
	`encoding_str` which is guaranteed to be.
	---
	ext/mbstring/mbstring.c \| 6 +++---
	ext/mbstring/tests/bug79150.phpt \| 17 +++++++++++++++++
	2 files changed, 20 insertions(+), 3 deletions(-)
	create mode 100644 ext/mbstring/tests/bug79150.phpt

	diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
	index a18d237df2..c0ba05cba3 100644
	--- a/ext/mbstring/mbstring.c
	+++ b/ext/mbstring/mbstring.c
	@@ -3369,12 +3369,12 @@ PHP_FUNCTION(mb_convert_encoding)

	if ( _from_encodings) {
	l = strlen(_from_encodings);
	- n = strlen(Z_STRVAL_P(hash_entry));
	+ n = strlen(ZSTR_VAL(encoding_str));
	_from_encodings = erealloc(_from_encodings, l+n+2);
	memcpy(_from_encodings + l, ",", 1);
	- memcpy(_from_encodings + l + 1, Z_STRVAL_P(hash_entry), Z_STRLEN_P(hash_entry) + 1);
	+ memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), ZSTR_LEN(encoding_str) + 1);
	} else {
	- _from_encodings = estrdup(Z_STRVAL_P(hash_entry));
	+ _from_encodings = estrdup(ZSTR_VAL(encoding_str));
	}
	zend_string_release(encoding_str);
	} ZEND_HASH_FOREACH_END();
	diff --git a/ext/mbstring/tests/bug79150.phpt b/ext/mbstring/tests/bug79150.phpt
	new file mode 100644
	index 0000000000..25c06bd956
	--- /dev/null
	+++ b/ext/mbstring/tests/bug79150.phpt
	@@ -0,0 +1,17 @@
	+--TEST--
	+Bug #79150 (memcpy-param-overlap caused by zif_mb_convert_encoding)
	+--SKIPIF--
	+<?php
	+if (!extension_loaded('mbstring')) die('skip mbstring extension not available');
	+?>
	+--FILE--
	+<?php
	+var_dump(mb_convert_encoding('foo', 'UTF-8', array(['bar'], ['baz'])));
	+?>
	+--EXPECTF--
	+Notice: Array to string conversion in %s on line %d
	+
	+Notice: Array to string conversion in %s on line %d
	+
	+Warning: mb_convert_encoding(): Illegal character encoding specified in %s on line %d
	+string(3) "foo"
	--
	2.25.0.windows.1