From 94c9dc498ffdedd9ae91357bd3345ba31f232220 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Wed, 22 Jan 2020 09:43:51 +0100
Subject: [PATCH] Fix #79149: SEGV in mb_convert_encoding with non-string encodings

We must not assume that `hash_entry` `IS_STRING`, but rather use `encoding_str` which is guaranteed to be.
---
 NEWS | 4 ++++
 ext/mbstring/mbstring.c | 6 +++---
 ext/mbstring/tests/bug79149.phpt | 21 +++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 ext/mbstring/tests/bug79149.phpt
diff --git a/NEWS b/NEWS
index 2f59ce7987..3b7b792db8 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,10 @@ PHP NEWS
 . Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure time). (Nikita)
+- MBString:
+ . Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
+ (cmb)
+
 - MySQLnd:
 . Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH). (cmb)
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index a18d237df2..c0ba05cba3 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -3369,12 +3369,12 @@ PHP_FUNCTION(mb_convert_encoding)
 if ( _from_encodings) {
 l = strlen(_from_encodings);
- n = strlen(Z_STRVAL_P(hash_entry));
+ n = strlen(ZSTR_VAL(encoding_str));
 _from_encodings = erealloc(_from_encodings, l+n+2);
 memcpy(_from_encodings + l, ",", 1);
- memcpy(_from_encodings + l + 1, Z_STRVAL_P(hash_entry), Z_STRLEN_P(hash_entry) + 1);
+ memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), ZSTR_LEN(encoding_str) + 1);
 } else {
- _from_encodings = estrdup(Z_STRVAL_P(hash_entry));
+ _from_encodings = estrdup(ZSTR_VAL(encoding_str));
 }
 zend_string_release(encoding_str);
 } ZEND_HASH_FOREACH_END();
diff --git a/ext/mbstring/tests/bug79149.phpt b/ext/mbstring/tests/bug79149.phpt
new file mode 100644
index 0000000000..fc3751d933
--- /dev/null
+++ b/ext/mbstring/tests/bug79149.phpt
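Review bot: In the ext/mbstring/mbstring.c hunk, the append branch still sizes the buffer from `strlen(ZSTR_VAL(encoding_str))` but copies `ZSTR_LEN(encoding_str) + 1` bytes, so the two lengths disagree whenever an entry contains an embedded NUL byte, and the second `memcpy` can then write past the `l+n+2` bytes obtained from `erealloc`. The entries appear to come from the caller-supplied encoding array, so this is worth closing in the same fix by taking the length once: `n = ZSTR_LEN(encoding_str);` and `memcpy(_from_encodings + l + 1, ZSTR_VAL(encoding_str), n + 1);`. A regression case with a NUL inside one array element would pin the behaviour alongside the non-string cases the new test covers. The body of PHP_FUNCTION(mb_convert_encoding) starts and ends outside this hunk, so how `_from_encodings` is consumed afterwards is not visible here.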
@@ -0,0 +1,21 @@
+--TEST--
+Bug #79149 (SEGV in mb_convert_encoding with non-string encodings)
+--SKIPIF--
+
+--FILE--
+
+--EXPECTF--
+Warning: mb_convert_encoding(): Illegal character encoding specified in %s on line %d
+string(0) ""
+
+Notice: Array to string conversion in %s on line %d
+
+Notice: Array to string conversion in %s on line %d
+
+Warning: mb_convert_encoding(): Illegal character encoding specified in %s on line %d
+string(3) "foo"
-- 
2.49.0