From d840200cea34e4fa04371694a17b55c6335aab89 Mon Sep 17 00:00:00 2001
From: Yuya Hamada
Date: Sat, 5 Oct 2024 16:59:07 +0900
Subject: [PATCH] Fix GH-16229: Address overflowed in mb_send_mail when empty string
---
 ext/mbstring/mbstring.c | 3 ++-
 ext/mbstring/tests/gh16229.phpt | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 ext/mbstring/tests/gh16229.phpt
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 5aa25b57f01..0b362309ca4 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -4179,7 +4179,8 @@ PHP_FUNCTION(mb_send_mail)
 #define PHP_MBSTR_MAIL_MIME_HEADER2 "Content-Type: text/plain"
 #define PHP_MBSTR_MAIL_MIME_HEADER3 "; charset="
 #define PHP_MBSTR_MAIL_MIME_HEADER4 "Content-Transfer-Encoding: "
- if (str_headers != NULL) {
+
+ if (str_headers != NULL && ZSTR_LEN(str_headers) > 0) {
 p = ZSTR_VAL(str_headers);
 n = ZSTR_LEN(str_headers);
 mbfl_memory_device_strncat(&device, p, n);
diff --git a/ext/mbstring/tests/gh16229.phpt b/ext/mbstring/tests/gh16229.phpt
new file mode 100644
index 00000000000..1fe558d9b10
--- /dev/null
+++ b/ext/mbstring/tests/gh16229.phpt
@@ -0,0 +1,26 @@
+--TEST--
+GH-16229 (Address overflowed in ext/mbstring/mbstring.c:4613 #16229)
+--EXTENSIONS--
+mbstring
+--INI--
+sendmail_path={MAIL:{PWD}/mb_send_mail_gh16229.eml}
+mail.add_x_header=off
+--SKIPIF--
+
+--FILE--
+
+--CLEAN--
+
+--EXPECTF--
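Review bot: The added `ZSTR_LEN(str_headers) > 0` test in the mbstring.c hunk makes an empty but non-NULL `str_headers` skip the entire block, so any cleanup of that string performed further down in the same block is skipped as well; the block's body continues outside the hunk, so this needs checking against the full function. If the block does release `str_headers`, keep the outer `if (str_headers != NULL)` and put the length test only around the append, or release the string on the empty path too. The guard also removes just this one way of reaching the faulting code: the line named in the test title (mbstring.c:4613) is not part of this hunk, so the code that later reads or trims the device buffer presumably still assumes a minimum length, and a bounds check at that site would be the more durable fix. A one-line comment such as `/* empty additional headers: nothing to append */` above the condition would record why the length is tested here.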