ext/mbstring: fix new_value length check

Commit 8bbd095 added a check rejecting empty strings; in the merge commiot 379d9a1 however it was changed to a NULL check, one that did not make sense because ZSTR_VAL() is guaranteed to never be NULL; the length check was accidently removed by that merge commit. This bug was found by GCC's -Waddress warning: ext/mbstring/mbstring.c:748:27: warning: the comparison will always evaluate as ‘true’ for the address of ‘val’ will never be NULL [-Waddress] 748 | if (!new_value || !ZSTR_VAL(new_value)) { | ^ Closes GH-10532 Signed-off-by: George Peter Banyard <girgias@php.net>
php · Feb 20, 2023 · 243865a · 243865a
1 parent ae16471
commit 243865a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/NEWS b/NEWS
@@ -35,6 +35,9 @@ PHP                                                                        NEWS
   . Fixed JSON scanner and parser generation build.
     (Daniel Black, Jakub Zelenka)
 
+- MBString:
+  . ext/mbstring: fix new_value length check. (Max Kellermann)
+
 - Opcache:
   . Fix incorrect page_size check. (nielsdos)
 
@@ -71,7 +74,7 @@ PHP                                                                        NEWS
 - SAPI:
   . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
     request body). (CVE-2023-0662) (Jakub Zelenka)
- 
+
 02 Feb 2023, PHP 8.1.15
 
 - Apache:

diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
@@ -745,7 +745,7 @@ static PHP_INI_MH(OnUpdate_mbstring_http_input)
 		php_error_docref("ref.mbstring", E_DEPRECATED, "Use of mbstring.http_input is deprecated");
 	}
 
-	if (!new_value || !ZSTR_VAL(new_value)) {
+	if (!new_value || !ZSTR_LEN(new_value)) {
 		const char *encoding = php_get_input_encoding();
 		MBSTRG(http_input_set) = 0;
 		_php_mb_ini_mbstring_http_input_set(encoding, strlen(encoding));