From c810844dec5ab83591905078cde8266ca26f772c Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Tue, 14 Jan 2025 15:12:48 +0100
Subject: [PATCH 1/2] Fix potential OOB when checking for trailing spaces

If `path_len` is zero, we must not access `path`, let alone try to subtract `-1` from it. Since `path` and `path_len` are supposed to come from a `zend_string`, this is not a security issue.
---
 win32/winutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/win32/winutil.c b/win32/winutil.c
index e09944d131b9b..4c8ae3094ae7b 100644
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -59,7 +59,7 @@ int php_win32_check_trailing_space(const char * path, const size_t path_len)
 if (path_len > MAXPATHLEN - 1) {
 return 1;
 }
- if (path) {
+ if (path && path_len > 0) {
 if (path[0] == ' ' || path[path_len - 1] == ' ') {
 return 0;
 } else {

From ab5cd7befc93bf1942e902e0c7eb91569729bbc8 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Wed, 15 Jan 2025 14:59:56 +0100
Subject: [PATCH 2/2] stick closer to current behavior
---
 win32/winutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/win32/winutil.c b/win32/winutil.c
index 4c8ae3094ae7b..35cc0fc4e2e23 100644
--- a/win32/winutil.c
+++ b/win32/winutil.c
@@ -56,10 +56,10 @@ PHP_WINUTIL_API void php_win32_error_msg_free(char *msg)

 int php_win32_check_trailing_space(const char * path, const size_t path_len)
 {/*{{{*/
- if (path_len > MAXPATHLEN - 1) {
+ if (path_len == 0 || path_len > MAXPATHLEN - 1) {
 return 1;
 }
- if (path && path_len > 0) {
+ if (path) {
 if (path[0] == ' ' || path[path_len - 1] == ' ') {
 return 0;
 } else {
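Review bot: In the hunk of patch 2/2 the new `path_len == 0` test runs before `if (path)`, so a NULL `path` with zero length now returns 1, the same result as a path that passed the space check, and never reaches the NULL branch that lies below the hunk (not visible here). If callers read 1 as "path is safe to use", keeping the NULL test in charge avoids that: drop `path_len == 0` from the first condition and make `if (path_len == 0) { return 1; }` the first statement inside `if (path) {`. The return convention is also easy to misread from the function name, and the commit message's precondition is enforced nowhere in the signature, so a header comment would help, e.g. `/* Returns 1 if path is empty, too long to check here, or has no leading/trailing space; 0 otherwise. path/path_len must describe a valid buffer (normally a zend_string). */`. The function body continues past the end of the hunk.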