fix null pointer dereference in php_mail_detect_multiple_crlf via error_log

ext/standard/basic_functions.c

@@ -1349,11 +1349,17 @@ PHPAPI zend_result _php_error_log(int opt_err, const zend_string *message, const
 {
 	php_stream *stream = NULL;
 	size_t nbytes;
+	const char *hdrs = NULL;
 
 	switch (opt_err)
 	{
 		case 1:		/*send an email */
-			if (!php_mail(ZSTR_VAL(opt), "PHP error_log message", ZSTR_VAL(message), ZSTR_VAL(headers), NULL)) {
+			if (!opt) {
+				return FAILURE;
+			}
+
+			hdrs = headers ? ZSTR_VAL(headers) : NULL;
+			if (!php_mail(ZSTR_VAL(opt), "PHP error_log message", ZSTR_VAL(message), hdrs, NULL)) {
 				return FAILURE;
 			}
 			break;

tests/basic/gh20858.phpt

@@ -0,0 +1,36 @@
+--TEST--
+GH-20858 Null pointer dereference in php_mail_detect_multiple_crlf via error_log
+--INI--
+sendmail_path={MAIL:{PWD}/gh20858.eml}
+mail.add_x_header=off
+--FILE--
+<?php
+
+$headers  = "From: test <mail@domain.tld>\n";
+$headers .= "Cc: test <mail@domain.tld>\n"; 
+$headers .= 'X-Mailer: PHP/' . phpversion();
+
+// Send mail with nothing set
+var_dump(error_log("Error message", 1, null));
+
+// Send mail with destination set
+var_dump(error_log("Error message with dest", 1, "default@domain.tld", null));
+
+// Send mail with custom headers and no mailer to
+var_dump(error_log("Error message cust headers", 1, null, $headers));
+
+// Send mail with destination set + custom headers
+var_dump(error_log("Error message with both", 1, "default@domain.tld", $headers));
+?>
+--CLEAN--
+<?php
+$filePath = __DIR__ . "/gh20858.eml";
+if (file_exists($filePath)) {
+    unlink($filePath);
+}
+?>
+--EXPECTF--
+bool(false)
+bool(true)
+bool(false)
+bool(true)