PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow (opens in new tab)

Posted by Khashayar Fereidani on Jun 20# PHP 8.5.7 `mb_substr()` 'SJIS-mac' size_t underflow **Author:** Khashayar Fereidani **Disclosure Date:** 2026-06-18 **Advisory:** ## Description The `mb_get_substr()` function in `ext/mbstring/mbstring.c` deliberately skips an early empty return guard for the `SJIS-mac` encoding when `from >= in_len`. As a result, it falls...