From b31c89c7311d8a7cf44d3f7e677879d34f1560eb Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Sat, 10 Oct 2020 14:09:07 +0200
Subject: [PATCH] Fix #80213: imap_mail_compose() segfaults on certain $bodies
We have to cater to non-associative arrays where the key may be `NULL`; we just skip these elements.
---
 ext/imap/php_imap.c | 4 ++++
 ext/imap/tests/bug80213.phpt | 21 +++++++++++++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 ext/imap/tests/bug80213.phpt
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 5511b2c1c41f2..8e0cea4ef7ad5 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -3645,6 +3645,7 @@ PHP_FUNCTION(imap_mail_compose)
 if(Z_TYPE_P(pvalue) == IS_ARRAY) {
 disp_param = tmp_param = NULL;
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) {
+ if (key == NULL) continue;
 disp_param = mail_newbody_parameter();
 disp_param->attribute = cpystr(ZSTR_VAL(key));
 convert_to_string_ex(disp_data);
@@ -3677,6 +3678,7 @@ PHP_FUNCTION(imap_mail_compose)
 if (Z_TYPE_P(pvalue) == IS_ARRAY) {
 disp_param = tmp_param = NULL;
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) {
+ if (key == NULL) continue;
 disp_param = mail_newbody_parameter();
 disp_param->attribute = cpystr(ZSTR_VAL(key));
 convert_to_string_ex(disp_data);
@@ -3745,6 +3747,7 @@ PHP_FUNCTION(imap_mail_compose)
 if (Z_TYPE_P(pvalue) == IS_ARRAY) {
 disp_param = tmp_param = NULL;
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) {
+ if (key == NULL) continue;
 disp_param = mail_newbody_parameter();
 disp_param->attribute = cpystr(ZSTR_VAL(key));
 convert_to_string_ex(disp_data);
@@ -3777,6 +3780,7 @@ PHP_FUNCTION(imap_mail_compose)
 if (Z_TYPE_P(pvalue) == IS_ARRAY) {
 disp_param = tmp_param = NULL;
 ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(pvalue), key, disp_data) {
+ if (key == NULL) continue;
 disp_param = mail_newbody_parameter();
 disp_param->attribute = cpystr(ZSTR_VAL(key));
 convert_to_string_ex(disp_data);
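Review bot: The added guard `if (key == NULL) continue;` in the first `ZEND_HASH_FOREACH_STR_KEY_VAL` loop (and identically in the hunks at -3677, -3745 and -3777) drops integer-keyed entries without any diagnostic, so a script that passes a list such as `['param']` gets a composed message with that parameter silently missing. A short comment on the guard would record why it exists, e.g. `/* list-style arrays have no string key; ZSTR_VAL(NULL) would crash */`, and a `php_error_docref(NULL, E_WARNING, ...)` before the `continue` would make the dropped element visible if the maintainers want that. Because the same loop body is now patched in four separate copies, a small static helper that builds the parameter list from a `HashTable *` would keep a later fix from missing one of them. The body of `imap_mail_compose` extends well beyond these hunks, so whether other loops in it dereference `key` unchecked cannot be confirmed from the lines shown.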
diff --git a/ext/imap/tests/bug80213.phpt b/ext/imap/tests/bug80213.phpt new file mode 100644 index 0000000000000..9a7961df776d7 --- /dev/null +++ b/ext/imap/tests/bug80213.phpt @@ -0,0 +1,21 @@ +--TEST-- +Bug #80213 (imap_mail_compose() segfaults on certain $bodies) +--SKIPIF-- + +--FILE-- + ['param'], + 'disposition' => ['disp'], +], [ + 'type.parameters' => ['param'], + 'disposition' => ['disp'], +]]; +imap_mail_compose($envelope, $body); +echo "done\n"; +?> +--EXPECT-- +done