Add assertion to mb_utf7imap_to_wchar to catch buffer overrun

alexdowad · alexdowad · commit a57fdea1499b · 2023-10-01T14:43:35.000+02:00
I don't believe such a buffer overrun will ever occur, but just in
case the code is changed in the future, it will be good to have an
assertion here to help catch bugs. (A similar assertion is already
used in the UTF-7 version of this function.)
diff --git a/ext/mbstring/libmbfl/filters/mbfilter_utf7imap.c b/ext/mbstring/libmbfl/filters/mbfilter_utf7imap.c
@@ -616,6 +616,7 @@ static size_t mb_utf7imap_to_wchar(unsigned char **in, size_t *in_len, uint32_t
 	if (p == e && base64) {
 		/* UTF7-IMAP doesn't allow strings to end in Base64 mode
 		 * One space in output buffer was reserved just for this */
+		ZEND_ASSERT(out < limit);
 		*out++ = MBFL_BAD_INPUT;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -616,6 +616,7 @@ static size_t mb_utf7imap_to_wchar(unsigned char *in, size_t in_len, uint32_t`
`616`	`616`	`if (p == e && base64) {`
`617`	`617`	`/* UTF7-IMAP doesn't allow strings to end in Base64 mode`
`618`	`618`	`* One space in output buffer was reserved just for this */`
	`619`	`+ ZEND_ASSERT(out < limit);`
`619`	`620`	`*out++ = MBFL_BAD_INPUT;`
`620`	`621`	`}`
`621`	`622`