Fixed bug #77165

Also add some helper macros for PROTECT/UNPROTECT that check for
IMMUTABLE. These checks are needed for nearly any use of
PROTECT/UNPROTECT.

Author: nikic

NEWS

@@ -6,6 +6,10 @@ PHP                                                                        NEWS
   . Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
     (cmb)
 
+- MBstring:
+  . Fixed bug #77165 (mb_check_encoding crashes when argument given an empty
+    array). (Nikita)
+
 - SOAP:
   . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)
 

Zend/zend_types.h

@@ -570,6 +570,14 @@ static zend_always_inline uint32_t zval_gc_info(uint32_t gc_type_info) {
 		GC_DEL_FLAGS(p, GC_PROTECTED); \
 	} while (0)
 
+#define GC_TRY_PROTECT_RECURSION(p) do { \
+		if (!(GC_FLAGS(p) & GC_IMMUTABLE)) GC_PROTECT_RECURSION(p); \
+	} while (0)
+
+#define GC_TRY_UNPROTECT_RECURSION(p) do { \
+		if (!(GC_FLAGS(p) & GC_IMMUTABLE)) GC_UNPROTECT_RECURSION(p); \
+	} while (0)
+
 #define Z_IS_RECURSIVE(zval)        GC_IS_RECURSIVE(Z_COUNTED(zval))
 #define Z_PROTECT_RECURSION(zval)   GC_PROTECT_RECURSION(Z_COUNTED(zval))
 #define Z_UNPROTECT_RECURSION(zval) GC_UNPROTECT_RECURSION(Z_COUNTED(zval))

ext/mbstring/mbstring.c

@@ -3125,7 +3125,7 @@ MBSTRING_API HashTable *php_mb_convert_encoding_recursive(HashTable *input, cons
 		php_error_docref(NULL, E_WARNING, "Cannot convert recursively referenced values");
 		return NULL;
 	}
-	GC_PROTECT_RECURSION(input);
+	GC_TRY_PROTECT_RECURSION(input);
 	output = zend_new_array(zend_hash_num_elements(input));
 	ZEND_HASH_FOREACH_KEY_VAL(input, idx, key, entry) {
 		/* convert key */
@@ -3170,7 +3170,7 @@ MBSTRING_API HashTable *php_mb_convert_encoding_recursive(HashTable *input, cons
 			zend_hash_index_add(output, idx, &entry_tmp);
 		}
 	} ZEND_HASH_FOREACH_END();
-	GC_UNPROTECT_RECURSION(input);
+	GC_TRY_UNPROTECT_RECURSION(input);
 
 	return output;
 }
@@ -4738,7 +4738,7 @@ MBSTRING_API int php_mb_check_encoding_recursive(HashTable *vars, const zend_str
 		php_error_docref(NULL, E_WARNING, "Cannot not handle circular references");
 		return 0;
 	}
-	GC_PROTECT_RECURSION(vars);
+	GC_TRY_PROTECT_RECURSION(vars);
 	ZEND_HASH_FOREACH_KEY_VAL(vars, idx, key, entry) {
 		ZVAL_DEREF(entry);
 		if (key) {
@@ -4772,7 +4772,7 @@ MBSTRING_API int php_mb_check_encoding_recursive(HashTable *vars, const zend_str
 				break;
 		}
 	} ZEND_HASH_FOREACH_END();
-	GC_UNPROTECT_RECURSION(vars);
+	GC_TRY_UNPROTECT_RECURSION(vars);
 	mbfl_buffer_converter_delete(convd);
 	return valid;
 }

ext/mbstring/tests/bug77165.phpt

@@ -0,0 +1,11 @@
+--TEST--
+Bug #77165: mb_check_encoding crashes when argument given an empty array
+--FILE--
+<?php
+var_dump(mb_check_encoding(array()));
+var_dump(mb_convert_encoding(array(), 'UTF-8'));
+?>
+--EXPECT--
+bool(true)
+array(0) {
+}