From efb86aef12ff4f8f3908ceff2844f7511f7d61eb Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sun, 26 Aug 2018 12:59:17 +0200
Subject: Fix #68180: iconv_mime_decode can return extra characters in a header

Basically, the algorithm to append a converted string to an existing
`smart_str` works by increasing the `smart_str` buffer, to let `iconv`
convert characters until there is no more space, to set the new length
of the `smart_str` and to repeat until there is no more input.

Formerly, the new length calculation has been wrong, though, since we
would have to take the old `out_len` into account (`buf_growth -
old_out_len - out_len`).  However, since there is no need to take the
old `out_len` into account when increasing the `smart_str` buffer, we
can simplify the fix, avoiding an additional variable.
---
 NEWS                          |  2 ++
 ext/iconv/iconv.c             |  4 ++--
 ext/iconv/tests/bug68180.phpt | 16 ++++++++++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 ext/iconv/tests/bug68180.phpt

diff --git a/NEWS b/NEWS
index 08f0fae425..0f9806f13d 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,8 @@ PHP                                                                        NEWS
   . Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)
 
 - iconv:
+  . Fixed bug #68180 (iconv_mime_decode can return extra characters in a 
+    header). (cmb)
   . Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
     (cmb)
   . Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c
index d759596d65..de5bccbb97 100644
--- a/ext/iconv/iconv.c
+++ b/ext/iconv/iconv.c
@@ -466,7 +466,7 @@ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l,
 
 	if (in_p != NULL) {
 		while (in_left > 0) {
-			out_left = buf_growth - out_left;
+			out_left = buf_growth;
 			smart_str_alloc(d, out_left, 0);
 
 			out_p = ZSTR_VAL((d)->s) + ZSTR_LEN((d)->s);
@@ -500,7 +500,7 @@ static php_iconv_err_t _php_iconv_appendl(smart_str *d, const char *s, size_t l,
 		}
 	} else {
 		for (;;) {
-			out_left = buf_growth - out_left;
+			out_left = buf_growth;
 			smart_str_alloc(d, out_left, 0);
 
 			out_p = ZSTR_VAL((d)->s) + ZSTR_LEN((d)->s);
diff --git a/ext/iconv/tests/bug68180.phpt b/ext/iconv/tests/bug68180.phpt
new file mode 100644
index 0000000000..3442629235
--- /dev/null
+++ b/ext/iconv/tests/bug68180.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #68180 (iconv_mime_decode can return extra characters in a header)
+--SKIPIF--
+<?php
+if (!extension_loaded('iconv')) die('skip iconv extension not available');
+?>
+--FILE--
+<?php
+$original = "=?UTF-8?Q?=E3=80=8E=E3=80=90=E5=A4=96=E8=B3=87=E7=B3=BB=E6=88=A6=E7=95=A5=E3=82=B3=E3=83=B3=E3=82=B5=E3=83=AB=E3=81=8C=E9=9B=86=E7=B5=90=E3=80=91=E3=83=88=E3=83=83=E3=83=97=E3=82=B3=E3=83=B3=E3=82=B5=E3=83=AB=E3=82=BF=E3=83=B3=E3=83=88=E3=81=A8=E8=A9=B1=E3=81=9B=E3=82=8B=E3=82=B3=E3=83=B3=E3=82=B5=E3=83=AB=E6=A5=AD=E7=95=8C=E7=A0=94=E7=A9=B6=E3=82=BB=E3=83=9F=E3=83=8A=E3=83=BC=E3=80=8F=E3=81=B8=E3=81=AE=E3=82=A8=E3=83=B3=E3=83=88=E3=83=AA=E3=83=BC=E3=81=82=E3=82=8A=E3=81=8C=E3=81=A8=E3=81=86=E3=81=94=E3=81=96=E3=81=84=E3=81=BE=E3=81=97=E3=81=9F=E3=80=82?=";
+$decoded = iconv_mime_decode($original, ICONV_MIME_DECODE_STRICT, 'utf-8');
+var_dump($decoded);
+?>
+===DONE===
+--EXPECT--
+string(183) "『【外資系戦略コンサルが集結】トップコンサルタントと話せるコンサル業界研究セミナー』へのエントリーありがとうございました。"
+===DONE===
-- 
cgit v1.2.1