Fix GH-17400: bindtextdomain segfault with UTF-16 domain value.

devnexen · devnexen · commit e975c27e12ef · 2025-01-09T13:45:59.000Z
The provided domain could be a non ascii value even if not supposed to, in the error reported case was of 4 code points long but domain is "empty" leading to a NULL return. It worked up to 8.3 "by accident" before the zend_string conversion and check prior for emptiness. close GH-17402
diff --git a/NEWS b/NEWS
@@ -25,6 +25,10 @@ PHP                                                                        NEWS
   . Added support for reading GIFs without colormap to bundled libgd. (Andrew
     Burley, cmb)
 
+- Gettext:
+  . Fixed bug GH-17400 (bindtextdomain SEGV on invalid domain).
+    (David Carlier)
+
 - Intl:
   . Fixed bug GH-11874 (intl causing segfault in docker images). (nielsdos)
  
diff --git a/ext/gettext/gettext.c b/ext/gettext/gettext.c
@@ -183,9 +183,9 @@ PHP_FUNCTION(bindtextdomain)
 	char *retval, dir_name[MAXPATHLEN], *btd_result;
 
 	ZEND_PARSE_PARAMETERS_START(1, 2)
-		Z_PARAM_STR(domain)
+		Z_PARAM_PATH_STR(domain)
 		Z_PARAM_OPTIONAL
-		Z_PARAM_STR_OR_NULL(dir)
+		Z_PARAM_PATH_STR_OR_NULL(dir)
 	ZEND_PARSE_PARAMETERS_END();
 
 	PHP_GETTEXT_DOMAIN_LENGTH_CHECK(1, ZSTR_LEN(domain))
diff --git a/ext/gettext/tests/gh17400.phpt b/ext/gettext/tests/gh17400.phpt
@@ -0,0 +1,19 @@
+--TEST--
+GH-17400 bindtextdomain segfaults with invalid domain/domain with null bytes.
+--EXTENSIONS--
+gettext
+--CREDITS--
+YuanchengJiang
+--FILE--
+<?php
+$utf16_first_le = pack("H*", "00d800dc");
+$utf16le_char_bad = pack("H*", "00dc00dc");
+
+try {
+	bindtextdomain($utf16le_char_bad,$utf16_first_le);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECT--
+bindtextdomain(): Argument #1 ($domain) must not contain any null bytes
