Validate UTF-8 in scalar phongo_zval_to_bson_value path

alcaeus · alcaeus · commit 8c5e25480a8c · 2026-05-05T16:08:53.000+02:00
The IS_STRING branch wrote the PHP string verbatim into the
bson_value_t without checking that it was valid UTF-8, while the
phongo_bson_append document-encoding path already validates. Match the
existing pattern so that invalid UTF-8 is rejected with an exception
in both code paths.
diff --git a/src/phongo_bson_encode.c b/src/phongo_bson_encode.c
@@ -643,6 +643,11 @@ bool phongo_zval_to_bson_value(zval* data, bson_value_t* value)
 			return true;
 
 		case IS_STRING:
+			if (!bson_utf8_validate(Z_STRVAL_P(data), Z_STRLEN_P(data), true)) {
+				phongo_throw_exception(PHONGO_ERROR_UNEXPECTED_VALUE, "Detected invalid UTF-8 in string value");
+				return false;
+			}
+
 			value->value_type       = BSON_TYPE_UTF8;
 			value->value.v_utf8.len = Z_STRLEN_P(data);
 
