Fix signed integer overflow

Fixes oss-fuzz #26763.
author: Nikita Popov <nikita.ppv@gmail.com> 2020-10-30 12:37:22 +0100
committer: Nikita Popov <nikita.ppv@gmail.com> 2020-10-30 12:38:27 +0100
commit: 085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28 (patch)
tree: 6b16462adaaf8b72d892911f31359aac1fe93079 /Zend/zend_execute.c
parent: 3bd3651bcc3d374586b291195d1b3471f3f7287d (diff)
download: php-git-085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 1cec01591e..c58e1fa228 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1553,7 +1553,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 	if ((size_t)offset >= Z_STRLEN_P(str)) {
 		/* Extend string if needed */
 		zend_long old_len = Z_STRLEN_P(str);
-		ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + 1, 0));
+		ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), (size_t)offset + 1, 0));
 		memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
 		Z_STRVAL_P(str)[offset+1] = 0;
 	} else if (!Z_REFCOUNTED_P(str)) {
author	Nikita Popov <nikita.ppv@gmail.com>	2020-10-30 12:37:22 +0100
committer	Nikita Popov <nikita.ppv@gmail.com>	2020-10-30 12:38:27 +0100
commit	085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28 (patch)
tree	6b16462adaaf8b72d892911f31359aac1fe93079 /Zend/zend_execute.c
parent	3bd3651bcc3d374586b291195d1b3471f3f7287d (diff)
download	php-git-085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28.tar.gz