Fixed bug #71906: AddressSanitizer: negative-size-param (-1) in mbfl_strcut

diff --git a/ext/mbstring/libmbfl/mbfl/mbfilter.c b/ext/mbstring/libmbfl/mbfl/mbfilter.c
index 3b14727d6b6c117f16d3c96521f85d475fd163f9..4986472b9b26a3dac50d383a80938f2bf66139bc 100644 (file)
--- a/ext/mbstring/libmbfl/mbfl/mbfilter.c
+++ b/ext/mbstring/libmbfl/mbfl/mbfilter.c
@@ -72,7 +72,7 @@
  *
  */
 
-/* 
+/*
  * Unicode support
  *
  * Portions copyright (c) 1999,2000,2001 by the PHP3 internationalization team.
@@ -137,7 +137,7 @@ mbfl_buffer_converter_new(
 mbfl_buffer_converter *
 mbfl_buffer_converter_new2(
        const mbfl_encoding *from,
-       const mbfl_encoding *to, 
+       const mbfl_encoding *to,
     int buf_initsz)
 {
        mbfl_buffer_converter *convd;
@@ -339,7 +339,7 @@ mbfl_buffer_converter_result(mbfl_buffer_converter *convd, mbfl_string *result)
 }
 
 mbfl_string *
-mbfl_buffer_converter_feed_result(mbfl_buffer_converter *convd, mbfl_string *string, 
+mbfl_buffer_converter_feed_result(mbfl_buffer_converter *convd, mbfl_string *string,
                                  mbfl_string *result)
 {
        if (convd == NULL || string == NULL || result == NULL) {
@@ -535,7 +535,7 @@ const mbfl_encoding *mbfl_encoding_detector_judge2(mbfl_encoding_detector *ident
                        }
                        n--;
                }
- 
+
                /* fallback judge */
                if (!encoding) {
                        n = identd->filter_list_size - 1;
@@ -702,7 +702,7 @@ mbfl_identify_encoding(mbfl_string *string, enum mbfl_no_encoding *elist, int el
                        }
                }
        }
- 
+
        /* cleanup */
        /* dtors should be called in reverse order */
        i = num; while (--i >= 0) {
@@ -785,7 +785,7 @@ mbfl_identify_encoding2(mbfl_string *string, const mbfl_encoding **elist, int el
                        }
                }
        }
- 
+
        /* cleanup */
        /* dtors should be called in reverse order */
        i = num; while (--i >= 0) {
@@ -844,7 +844,7 @@ mbfl_strlen(mbfl_string *string)
        } else {
                /* wchar filter */
                mbfl_convert_filter *filter = mbfl_convert_filter_new(
-                 string->no_encoding, 
+                 string->no_encoding,
                  mbfl_no_encoding_wchar,
                  filter_count_output, 0, &len);
                if (filter == NULL) {
@@ -865,7 +865,7 @@ mbfl_strlen(mbfl_string *string)
        return len;
 }
 
- 
+
 /*
  *  strpos
  */
@@ -931,7 +931,7 @@ retry:
 /*
  *     oddlen
  */
-int 
+int
 mbfl_oddlen(mbfl_string *string)
 {
        int len, n, m, k;
@@ -1071,7 +1071,7 @@ mbfl_strpos(
                                                        ++result;
                                                } else if ((c & 0xc0) != 0x80) {
                                                        ++result;
-                                               }       
+                                               }
                                        }
                                        goto out;
                                }
@@ -1116,7 +1116,7 @@ mbfl_strpos(
                qe = needle_u8_val + needle_u8_len;
                if (offset < 0) {
                        if (-offset > needle_len) {
-                               offset += needle_len; 
+                               offset += needle_len;
                                while (offset < 0) {
                                        unsigned char c;
                                        if (p <= e) {
@@ -1158,7 +1158,7 @@ mbfl_strpos(
                                                        ++result;
                                                } else if ((c & 0xc0) != 0x80) {
                                                        ++result;
-                                               }       
+                                               }
                                        }
                                        goto out;
                                }
@@ -1501,7 +1501,7 @@ mbfl_strcut(
                if (encoding->flag & (MBFL_ENCTYPE_WCS2BE | MBFL_ENCTYPE_WCS2LE)) {
                        from &= -2;
 
-                       if (from + length >= string->len) {
+                       if (length >= string->len - from) {
                                length = string->len - from;
                        }
 
@@ -1510,14 +1510,14 @@ mbfl_strcut(
                } else if (encoding->flag & (MBFL_ENCTYPE_WCS4BE | MBFL_ENCTYPE_WCS4LE)) {
                        from &= -4;
 
-                       if (from + length >= string->len) {
+                       if (length >= string->len - from) {
                                length = string->len - from;
                        }
 
                        start = string->val + from;
                        end   = start + (length & -4);
                } else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) {
-                       if (from + length >= string->len) {
+                       if (length >= string->len - from) {
                                length = string->len - from;
                        }
 
@@ -1539,7 +1539,7 @@ mbfl_strcut(
                        start = p;
 
                        /* search end position */
-                       if ((start - string->val) + length >= (int)string->len) {
+                       if (length >= (int)string->len - (start - string->val)) {
                                end = string->val + string->len;
                        } else {
                                for (q = p + length; p < q; p += (m = mbtab[*p]));
@@ -2024,7 +2024,7 @@ mbfl_ja_jp_hantozen(
                mbfl_no_encoding_wchar,
                (int(*)(int, void*))next_filter->filter_function,
                (int(*)(void*))next_filter->filter_flush,
-               next_filter);   
+               next_filter);
        if (encoder == NULL) {
                goto out;
        }