Fix for the issue where strlen could potentially become negative

SakiTakamachi · SakiTakamachi · commit 1d13808b7a79 · 2025-05-01T21:20:36.000+09:00
diff --git a/ext/intl/grapheme/grapheme_string.c b/ext/intl/grapheme/grapheme_string.c
@@ -992,8 +992,21 @@ PHP_FUNCTION(grapheme_levenshtein)
 	UBreakIterator *bi1, *bi2;
 
 	int32_t strlen_1, strlen_2;
-	strlen_1 = grapheme_split_string(ustring1, ustring1_len, NULL, 0);
-	strlen_2 = grapheme_split_string(ustring2, ustring2_len, NULL, 0);
+	strlen_1 = grapheme_split_string(ustring1, ustring1_len, NULL, 0, &ustatus);
+	if (UNEXPECTED(strlen_1 < 0)) {
+		intl_error_set_code(NULL, ustatus);
+		intl_error_set_custom_msg(NULL, "Error on grapheme_get_break_iterator for argument #1 ($string1)", 0);
+		RETVAL_FALSE;
+		goto out_ustring2;
+	}
+
+	strlen_2 = grapheme_split_string(ustring2, ustring2_len, NULL, 0, &ustatus);
+	if (UNEXPECTED(strlen_2 < 0)) {
+		intl_error_set_code(NULL, ustatus);
+		intl_error_set_custom_msg(NULL, "Error on grapheme_get_break_iterator for argument #2 ($string2)", 0);
+		RETVAL_FALSE;
+		goto out_ustring2;
+	}
 
 	if (strlen_1 == 0) {
 		RETVAL_LONG(strlen_2 * cost_ins);
diff --git a/ext/intl/grapheme/grapheme_util.c b/ext/intl/grapheme/grapheme_util.c
@@ -226,20 +226,20 @@ zend_long grapheme_ascii_check(const unsigned char *day, size_t len)
 /* }}} */
 
 /* {{{ grapheme_split_string: find and optionally return grapheme boundaries */
-int32_t grapheme_split_string(const UChar *text, int32_t text_length, int boundary_array[], int boundary_array_len )
+int32_t grapheme_split_string(const UChar *text, int32_t text_length, int boundary_array[], int boundary_array_len, UErrorCode *status)
 {
 	unsigned char u_break_iterator_buffer[U_BRK_SAFECLONE_BUFFERSIZE];
-	UErrorCode		status = U_ZERO_ERROR;
+	*status = U_ZERO_ERROR;
 	int ret_len, pos;
 	UBreakIterator* bi;
 
-	bi = grapheme_get_break_iterator((void*)u_break_iterator_buffer, &status );
+	bi = grapheme_get_break_iterator((void*)u_break_iterator_buffer, status);
 
-	if( U_FAILURE(status) ) {
+	if( U_FAILURE(*status) ) {
 		return -1;
 	}
 
-	ubrk_setText(bi, text, text_length,	&status);
+	ubrk_setText(bi, text, text_length,	status);
 
 	pos = 0;
 
diff --git a/ext/intl/grapheme/grapheme_util.h b/ext/intl/grapheme/grapheme_util.h
@@ -28,7 +28,7 @@ zend_long grapheme_strrpos_ascii(char *haystack, size_t haystack_len, char *need
 int32_t grapheme_strrpos_utf16(char *haystack, size_t haystack_len, char *needle, size_t needle_len, int32_t offset, int f_ignore_case);
 int32_t grapheme_strpos_utf16(char *haystack, size_t haystack_len, char *needle, size_t needle_len, int32_t offset, int *puchar_pos, int f_ignore_case, int last);
 
-int32_t grapheme_split_string(const UChar *text, int32_t text_length, int boundary_array[], int boundary_array_len );
+int32_t grapheme_split_string(const UChar *text, int32_t text_length, int boundary_array[], int boundary_array_len, UErrorCode *status);
 
 int32_t grapheme_count_graphemes(UBreakIterator *bi, UChar *string, int32_t string_len);
 
