Fix potential OOB when checking for trailing spaces

cmb69 · cmb69 · commit c810844dec5a · 2025-01-14T15:14:06.000+01:00
If `path_len` is zero, we must not access `path`, let alone try to
subtract `-1` from it.

Since `path` and `path_len` are supposed to come from a `zend_string`,
this is not a security issue.
diff --git a/win32/winutil.c b/win32/winutil.c
@@ -59,7 +59,7 @@ int php_win32_check_trailing_space(const char * path, const size_t path_len)
 	if (path_len > MAXPATHLEN - 1) {
 		return 1;
 	}
-	if (path) {
+	if (path && path_len > 0) {
 		if (path[0] == ' ' || path[path_len - 1] == ' ') {
 			return 0;
 		} else {

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ int php_win32_check_trailing_space(const char * path, const size_t path_len)`
`59`	`59`	`if (path_len > MAXPATHLEN - 1) {`
`60`	`60`	`return 1;`
`61`	`61`	`}`
`62`		`- if (path) {`
	`62`	`+ if (path && path_len > 0) {`
`63`	`63`	`if (path[0] == ' ' \|\| path[path_len - 1] == ' ') {`
`64`	`64`	`return 0;`
`65`	`65`	`} else {`