From 6d208d38d24a423b85eb814c3c5cdff8d9327bb4 Mon Sep 17 00:00:00 2001 From: low-batt <86170219+low-batt@users.noreply.github.com> Date: Mon, 24 Apr 2023 21:56:38 -0400 Subject: [PATCH] charset_conv: fix memory corruption in mp_iconv_to_utf8 If mp_iconv_to_utf8 was given an empty string to convert in the buf parameter it would corrupt memory when writing a null into outbuf before returning it to the caller. This happened when streaming from a URL that ends in a slash. For such a URL the method mp_basename returns an empty string. The method append_dir_subtitles passes the result returned from mp_basename to mp_iconv_to_utf8 which then corrupts memory. This was detected using Guard Malloc. The fix changes mp_iconv_to_utf8 to check up front if buf is empty and, if it is, return buf as the result in compliance with the documented behavior of the method when no conversion is needed. Fixes #11626 --- misc/charset_conv.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/misc/charset_conv.c b/misc/charset_conv.c index 51e55c6338..cbd1c70afb 100644 --- a/misc/charset_conv.c +++ b/misc/charset_conv.c @@ -161,6 +161,9 @@ const char *mp_charset_guess(void *talloc_ctx, struct mp_log *log, bstr buf, bstr mp_iconv_to_utf8(struct mp_log *log, bstr buf, const char *cp, int flags) { #if HAVE_ICONV + if (!buf.len) + return buf; + if (!cp || !cp[0] || mp_charset_is_utf8(cp)) return buf;
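Review bot: the new `if (!buf.len)` guard at the top of the `#if HAVE_ICONV` block in mp_iconv_to_utf8 carries no comment, so nothing in the code records that it is there to keep a zero-length input away from the terminator write into outbuf described in the commit message. A later cleanup could easily fold it away or reorder it as a redundant early-out. Please add a one-line comment stating that empty input must not reach the conversion path. Since both this check and the following `if (!cp || !cp[0] || mp_charset_is_utf8(cp))` return buf unchanged, they could also be merged into one condition with that comment above it. The guard fixes the caller path that was reported (mp_basename returning an empty string to append_dir_subtitles), but the write that actually corrupted memory is outside this hunk and is left as it was. It would be worth confirming in the same series that the outbuf sizing and the null write cannot go out of bounds for any other input, so that memory safety does not rest on this early return alone.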