diff options
author | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-22 10:25:37 +0100 |
---|---|---|
committer | Christoph M. Becker <cmbecker69@gmx.de> | 2020-01-22 10:28:07 +0100 |
commit | 9be31a582a83c38cdace9d54778398bc9fe0c7a9 (patch) | |
tree | bac3f8d02c54a38017bcec24be65cb773a517564 | |
parent | 5a9475f4b933aa5bfd16cd2a452ee57aec803dc4 (diff) | |
download | php-git-9be31a582a83c38cdace9d54778398bc9fe0c7a9.tar.gz |
Fix #79154: mb_convert_encoding() can modify $from_encoding
We must not modify arrays passed by value.
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/mbstring/mbstring.c | 9 | ||||
-rw-r--r-- | ext/mbstring/tests/bug79154.phpt | 34 |
3 files changed, 41 insertions, 5 deletions
@@ -11,6 +11,9 @@ PHP NEWS . Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()). (cmb) +- MBString: + . Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding). (cmb) + - MySQLnd: . Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH). (cmb) diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c index a42373e5cb..d227bb278a 100644 --- a/ext/mbstring/mbstring.c +++ b/ext/mbstring/mbstring.c @@ -3232,17 +3232,16 @@ PHP_FUNCTION(mb_convert_encoding) _from_encodings = NULL; ZEND_HASH_FOREACH_VAL(target_hash, hash_entry) { - - convert_to_string_ex(hash_entry); + zend_string *encoding_str = zval_get_string(hash_entry); if ( _from_encodings) { l = strlen(_from_encodings); - n = strlen(Z_STRVAL_P(hash_entry)); + n = strlen(ZSTR_VAL(encoding_str)); _from_encodings = erealloc(_from_encodings, l+n+2); memcpy(_from_encodings + l, ",", 1); - memcpy(_from_encodings + l + 1, Z_STRVAL_P(hash_entry), Z_STRLEN_P(hash_entry) + 1); + memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), ZSTR_LEN(encoding_str) + 1); } else { - _from_encodings = estrdup(Z_STRVAL_P(hash_entry)); + _from_encodings = estrdup(ZSTR_VAL(encoding_str)); } } ZEND_HASH_FOREACH_END(); diff --git a/ext/mbstring/tests/bug79154.phpt b/ext/mbstring/tests/bug79154.phpt new file mode 100644 index 0000000000..dafac1bd5d --- /dev/null +++ b/ext/mbstring/tests/bug79154.phpt @@ -0,0 +1,34 @@ +--TEST-- +Bug 79154 (mb_convert_encoding() can modify $from_encoding) +--SKIPIF-- +<?php +if (!extension_loaded('mbstring')) die('mbstring extension not available'); +?> +--FILE-- +<?php +class Utf8Encoding +{ + public function __toString() + { + return 'UTF-8'; + } +} + +$utf8encoding = new Utf8Encoding(); +$encodings = [$utf8encoding]; +var_dump($encodings); +mb_convert_encoding('foo', 'UTF-8', $encodings); +var_dump($encodings); + +?> +--EXPECTF-- +array(1) { + [0]=> + object(Utf8Encoding)#%d (0) { + } +} +array(1) { + [0]=> + object(Utf8Encoding)#%d (0) { + } +} |