base64_decode: fix bug #72263 (skips char after padding)

diff --git a/ext/standard/base64.c b/ext/standard/base64.c
index 6c890e34fce922fa2e5cb04d26c460c4288eebfd..ea548159c68bbde7f99f3f8cf2e6f7cf8f22bb4d 100644 (file)
--- a/ext/standard/base64.c
+++ b/ext/standard/base64.c
@@ -157,8 +157,9 @@ PHPAPI zend_string *php_base64_decode_ex(const unsigned char *str, size_t length
                                return NULL;
                        }
                        if (length > 0 && *current != '=' && strict) {
-                               while (--length > 0 && isspace(*++current)) {
-                                       continue;
+                               while (length > 0 && isspace(*current)) {
+                                       current++;
+                                       length--;
                                }
                                if (length == 0 || *current == '\0') {
                                        continue;

diff --git a/ext/standard/tests/strings/bug72263.phpt b/ext/standard/tests/strings/bug72263.phpt
new file mode 100644 (file)
index 0000000..d827af2
--- /dev/null
+++ b/ext/standard/tests/strings/bug72263.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #72263 (base64_decode skips a character after padding in strict mode)
+--FILE--
+<?php
+var_dump(base64_decode("*", true));
+var_dump(base64_decode("=*", true));
+var_dump(base64_decode("VVV=", true));
+var_dump(base64_decode("VVV=*", true));
+--EXPECT--
+bool(false)
+bool(false)
+string(2) "UU"
+bool(false)