From 27f168cf638183716d02ff1973856c8d5ef71273 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Thu, 9 May 2019 16:54:11 +0200 Subject: [PATCH] Fix erroneous assertions Since PHP strings are binary safe (i.e. they may contain NUL bytes), we must not assume that strlen()/wcslen() actually return the length of the string. Only if the given in_len is zero, it is safe to assert this. --- win32/codepage.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/win32/codepage.c b/win32/codepage.c index 25cd4d786f..86b7179c3e 100644 --- a/win32/codepage.c +++ b/win32/codepage.c @@ -63,7 +63,7 @@ __forceinline static wchar_t *php_win32_cp_to_w_int(const char* in, size_t in_le } assert(ret ? tmp_len == ret_len : 1); - assert(ret ? wcslen(ret) == ret_len - 1 : 1); + assert(ret && !in_len ? wcslen(ret) == ret_len - 1 : 1); ret[ret_len-1] = L'\0'; @@ -97,7 +97,10 @@ PW32CP wchar_t *php_win32_cp_conv_ascii_to_w(const char* in, size_t in_len, size {/*{{{*/ wchar_t *ret = NULL; const char *idx = in, *end; - +#if PHP_DEBUG + size_t save_in_len = in_len; +#endif + assert(in && in_len ? in[in_len] == '\0' : 1); if (!in) { @@ -154,7 +157,7 @@ PW32CP wchar_t *php_win32_cp_conv_ascii_to_w(const char* in, size_t in_len, size } while (i < in_len); ret[in_len] = L'\0'; - assert(ret ? wcslen(ret) == in_len : 1); + assert(ret && !save_in_len ? wcslen(ret) == in_len : 1); if (PHP_WIN32_CP_IGNORE_LEN_P != out_len) { *out_len = in_len; @@ -202,7 +205,7 @@ __forceinline static char *php_win32_cp_from_w_int(const wchar_t* in, size_t in_ } assert(target ? r == target_len : 1); - assert(target ? strlen(target) == target_len - 1 : 1); + assert(target && !in_len ? strlen(target) == target_len - 1 : 1); target[target_len-1] = '\0'; -- 2.40.0