Created
January 21, 2020 17:06
-
-
Save cmb69/080acb60a50d40f76bc7b628b376b5e4 to your computer and use it in GitHub Desktop.
PHP bug #79150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From 860ac0a204d6f5095c81d2f40f09745c90446099 Mon Sep 17 00:00:00 2001 | |
From: "Christoph M. Becker" <cmbecker69@gmx.de> | |
Date: Tue, 21 Jan 2020 17:18:40 +0100 | |
Subject: [PATCH] Fix #79150: memcpy-param-overlap caused by | |
zif_mb_convert_encoding | |
We must not assume that `hash_entry` `IS_STRING`, but rather use | |
`encoding_str` which is guaranteed to be. | |
--- | |
ext/mbstring/mbstring.c | 6 +++--- | |
ext/mbstring/tests/bug79150.phpt | 17 +++++++++++++++++ | |
2 files changed, 20 insertions(+), 3 deletions(-) | |
create mode 100644 ext/mbstring/tests/bug79150.phpt | |
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c | |
index a18d237df2..c0ba05cba3 100644 | |
--- a/ext/mbstring/mbstring.c | |
+++ b/ext/mbstring/mbstring.c | |
@@ -3369,12 +3369,12 @@ PHP_FUNCTION(mb_convert_encoding) | |
if ( _from_encodings) { | |
l = strlen(_from_encodings); | |
- n = strlen(Z_STRVAL_P(hash_entry)); | |
+ n = strlen(ZSTR_VAL(encoding_str)); | |
_from_encodings = erealloc(_from_encodings, l+n+2); | |
memcpy(_from_encodings + l, ",", 1); | |
- memcpy(_from_encodings + l + 1, Z_STRVAL_P(hash_entry), Z_STRLEN_P(hash_entry) + 1); | |
+ memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), ZSTR_LEN(encoding_str) + 1); | |
} else { | |
- _from_encodings = estrdup(Z_STRVAL_P(hash_entry)); | |
+ _from_encodings = estrdup(ZSTR_VAL(encoding_str)); | |
} | |
zend_string_release(encoding_str); | |
} ZEND_HASH_FOREACH_END(); | |
diff --git a/ext/mbstring/tests/bug79150.phpt b/ext/mbstring/tests/bug79150.phpt | |
new file mode 100644 | |
index 0000000000..25c06bd956 | |
--- /dev/null | |
+++ b/ext/mbstring/tests/bug79150.phpt | |
@@ -0,0 +1,17 @@ | |
+--TEST-- | |
+Bug #79150 (memcpy-param-overlap caused by zif_mb_convert_encoding) | |
+--SKIPIF-- | |
+<?php | |
+if (!extension_loaded('mbstring')) die('skip mbstring extension not available'); | |
+?> | |
+--FILE-- | |
+<?php | |
+var_dump(mb_convert_encoding('foo', 'UTF-8', array(['bar'], ['baz']))); | |
+?> | |
+--EXPECTF-- | |
+Notice: Array to string conversion in %s on line %d | |
+ | |
+Notice: Array to string conversion in %s on line %d | |
+ | |
+Warning: mb_convert_encoding(): Illegal character encoding specified in %s on line %d | |
+string(3) "foo" | |
-- | |
2.25.0.windows.1 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment