Fix segfault in mb_strrpos/mb_strripos with ASCII encoding and negative offset

iluuu1994 · iluuu1994 · commit a33be66344ae · 2023-05-10T14:30:15.000+02:00
We're setting the encoding from PHP_FUNCTION(mb_strpos), but mbfl_strpos would discard it, setting it to mbfl_encoding_pass, making zend_memnrstr fail due to a null-pointer exception. Fixes GH-11217
diff --git a/ext/mbstring/libmbfl/mbfl/mbfilter.c b/ext/mbstring/libmbfl/mbfl/mbfilter.c
@@ -594,7 +594,7 @@ mbfl_strpos(
 	const unsigned char *offset_pointer;
 
 	if (haystack->encoding->no_encoding != mbfl_no_encoding_utf8) {
-		mbfl_string_init(&_haystack_u8);
+		mbfl_string_init_set(&_haystack_u8, haystack->encoding);
 		haystack_u8 = mbfl_convert_encoding(haystack, &_haystack_u8, &mbfl_encoding_utf8);
 		if (haystack_u8 == NULL) {
 			result = MBFL_ERROR_ENCODING;
@@ -605,7 +605,7 @@ mbfl_strpos(
 	}
 
 	if (needle->encoding->no_encoding != mbfl_no_encoding_utf8) {
-		mbfl_string_init(&_needle_u8);
+		mbfl_string_init_set(&_needle_u8, needle->encoding);
 		needle_u8 = mbfl_convert_encoding(needle, &_needle_u8, &mbfl_encoding_utf8);
 		if (needle_u8 == NULL) {
 			result = MBFL_ERROR_ENCODING;
diff --git a/ext/mbstring/tests/gh11217.phpt b/ext/mbstring/tests/gh11217.phpt
@@ -0,0 +1,12 @@
+--TEST--
+GH-11217: Segfault in mb_strrpos/mb_strripos with ASCII encoding and negative offset
+--EXTENSIONS--
+mbstring
+--FILE--
+<?php
+var_dump(mb_strrpos('foo', 'foo', -1, 'ASCII'));
+var_dump(mb_strripos('foo', 'foo', -1, 'ASCII'));
+?>
+--EXPECT--
+int(0)
+int(0)
