php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 00:02:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

replace alloca with do_alloca in mb_guess_encoding_for_strings

Browse Source 
This avoids a crash in cases where the list of candidate encodings is so huge
that alloca would fail. Such crashes have been observed when the list of
encodings was larger than around 208,000 entries.
This commit is contained in:
Jordi Kroon
2026-02-15 23:55:43 +01:00
committed by Alex Dowad
parent 84bfe2fadd
commit 37c5a13d67
3 changed files with 31 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@@ -27,6 +27,10 @@ PHP NEWS
. Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
(ndossche)
- MBString:
. Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge
list of candidate encodings (with 200,000+ entries). (Jordi Kroon)
- Opcache:
. Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris).
(Petr Sumbera)

11
ext/mbstring/mbstring.c
View File

@@ -3376,8 +3376,9 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
return *elist;
}
/* Allocate on stack; when we return, this array is automatically freed */
struct candidate *array = alloca(elist_size * sizeof(struct candidate));
/* Allocate on stack or heap */
ALLOCA_FLAG(use_heap)
struct candidate *array = do_alloca(elist_size * sizeof(struct candidate), use_heap);
elist_size = init_candidate_array(array, elist_size, elist, strings, str_lengths, n, strict, order_significant);
while (n--) {
@@ -3385,6 +3386,7 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
elist_size = count_demerits(array, elist_size, strict);
if (elist_size == 0) {
/* All candidates were eliminated */
free_alloca(array, use_heap);
return NULL;
}
}
@@ -3396,7 +3398,10 @@ MBSTRING_API const mbfl_encoding* mb_guess_encoding_for_strings(const unsigned c
best = i;
}
}
return array[best].enc;
const mbfl_encoding *result = array[best].enc;
free_alloca(array, use_heap);
return result;
}
/* When doing 'strict' detection, any string which is invalid in the candidate encoding

19
ext/mbstring/tests/gh21223.phpt Normal file
View File

@@ -0,0 +1,19 @@
--TEST--
GH-21223 (Stack overflow in mb_guess_encoding called via mb_detect_encoding)
--EXTENSIONS--
mbstring
--FILE--
<?php
$str = "hello";
$list = [];
for ($i = 0; $i < 500000; $i++) {
$list[] = "UTF-8";
}
var_dump(mb_detect_encoding($str, $list, false));
echo "Done";
?>
--EXPECT--
string(5) "UTF-8"
Done