diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-18 10:35:17 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2021-02-18 10:35:17 +0100 |
commit | 4fdaf84cc372b4d1d0c0febdfabd1161fa1b0578 (patch) | |
tree | 6d6daf607beb000cd1aa22af8a2bda489c810309 /ext/standard | |
parent | b87080f3c291c1b619d30ea9394a2eb893136006 (diff) | |
parent | 85ffe8dcdc2fe39e06037e382e012674ee051e1e (diff) | |
download | php-git-4fdaf84cc372b4d1d0c0febdfabd1161fa1b0578.tar.gz |
Merge branch 'PHP-8.0'
* PHP-8.0:
Avoid signed integer overflow in substr()
Diffstat (limited to 'ext/standard')
-rw-r--r-- | ext/standard/string.c | 4 | ||||
-rw-r--r-- | ext/standard/tests/strings/substr_int_min.phpt | 10 |
2 files changed, 12 insertions, 2 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index cb37176273..f6af763fd3 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -2177,7 +2177,7 @@ PHP_FUNCTION(substr) /* if "from" position is negative, count start position from the end * of the string */ - if ((size_t)-f > ZSTR_LEN(str)) { + if (-(size_t)f > ZSTR_LEN(str)) { f = 0; } else { f = (zend_long)ZSTR_LEN(str) + f; @@ -2191,7 +2191,7 @@ PHP_FUNCTION(substr) /* if "length" position is negative, set it to the length * needed to stop that many chars from the end of the string */ - if ((size_t)(-l) > ZSTR_LEN(str) - (size_t)f) { + if (-(size_t)l > ZSTR_LEN(str) - (size_t)f) { l = 0; } else { l = (zend_long)ZSTR_LEN(str) - f + l; diff --git a/ext/standard/tests/strings/substr_int_min.phpt b/ext/standard/tests/strings/substr_int_min.phpt new file mode 100644 index 0000000000..4c00577e28 --- /dev/null +++ b/ext/standard/tests/strings/substr_int_min.phpt @@ -0,0 +1,10 @@ +--TEST-- +substr() with PHP_INT_MIN offset or length +--FILE-- +<?php +var_dump(substr('x', PHP_INT_MIN)); +var_dump(substr('x', 0, PHP_INT_MIN)); +?> +--EXPECT-- +string(1) "x" +string(0) "" |