Fully use available buffer space where converting Base64

I didn't think this through carefully enough when first writing this code,
but it's not necessary to reserve space for the 1-2 wchars which may be emitted
before exiting the function.

Why? Well, we are guaranteed that when we enter the function, there are at
least 3 spaces in the wchar buffer. The only way those can be consumed is if
wchars are emitted in the main 'while' loop, but if it does emit any wchars,
it will set 'bits' to zero at the same time, which means the final part will
not emit anything. 'bits' can be incremented again by the main loop, but the
main loop only runs while there are still at least 3 spaces in the buffer.

So basically, we are guaranteed that when the main loop terminates, either
there are 3 or more spaces remaining in the wchar buffer, or else 'bits' is
zero, or both.

Author: alexdowad

ext/mbstring/libmbfl/filters/mbfilter_base64.c

@@ -234,10 +234,10 @@ static int decode_base64(char c)
 
 static size_t mb_base64_to_wchar(unsigned char **in, size_t *in_len, uint32_t *buf, size_t bufsize, unsigned int *state)
 {
+	ZEND_ASSERT(bufsize >= 3);
+
 	unsigned char *p = *in, *e = p + *in_len;
-	/* Reserve two slots at the end of the output buffer so that we always have
-	 * space to emit any trailing bytes when we hit the end of the input string */
-	uint32_t *out = buf, *limit = buf + bufsize - 2;
+	uint32_t *out = buf, *limit = buf + bufsize;
 
 	unsigned int bits = *state & 0xFF, cache = *state >> 8;
 
@@ -266,6 +266,7 @@ static size_t mb_base64_to_wchar(unsigned char **in, size_t *in_len, uint32_t *b
 
 	if (p == e) {
 		if (bits) {
+			/* If we reach here, there will be at least 3 spaces remaining in output buffer */
 			if (bits == 18) {
 				*out++ = (cache >> 10) & 0xFF;
 				*out++ = (cache >> 2) & 0xFF;