-rw-r--r-- | Zend/tests/string_offset_int_min_max.phpt | 16 | ||||
-rw-r--r-- | Zend/zend_execute.c | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/Zend/tests/string_offset_int_min_max.phpt b/Zend/tests/string_offset_int_min_max.phpt
new file mode 100644
index 0000000000..b8bd4bcd6b
--- /dev/null
+++ b/Zend/tests/string_offset_int_min_max.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Accessing PHP_INT_MAX and PHP_INT_MIN as string offsets
+--FILE--
+<?php
+
+$str = "";
+var_dump($str[PHP_INT_MAX]);
+var_dump($str[PHP_INT_MIN]);
+
+?>
+--EXPECTF--
+Notice: Uninitialized string offset: %d in %s on line %d
+string(0) ""
+
+Notice: Uninitialized string offset: -%d in %s on line %d
+string(0) ""
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 3b980e8776..9ae73caae1 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -2369,7 +2369,7 @@ try_string_offset:
 offset = Z_LVAL_P(dim);
 }
 
- if (UNEXPECTED(Z_STRLEN_P(container) < (size_t)((offset < 0) ? -offset : (offset + 1)))) {
+ if (UNEXPECTED(Z_STRLEN_P(container) < ((offset < 0) ? -(size_t)offset : ((size_t)offset + 1)))) {
 if (type != BP_VAR_IS) {
 zend_error(E_NOTICE, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
 ZVAL_EMPTY_STRING(result);
 |
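Review bot: The test reads both offsets from an empty string and expects only the notice, so it likely passes against the old code in builds without an undefined-behaviour sanitizer: a wrapped `-offset` or `offset + 1` cast to size_t still exceeds a length of 0 on typical compilers. I would say so in the file, e.g. `// Guards against signed overflow in the string offset bounds check; only expected to fail on the old code under UBSan.` The `type == BP_VAR_IS` branch visible in the zend_execute.c hunk is also not exercised; a quiet fetch such as `var_dump($str[PHP_INT_MIN] ?? "none");` would presumably cover it (confirm it is routed through the IS fetch mode).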
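Review bot: The rewritten condition carries no comment explaining why each `(size_t)` cast now sits inside the ternary, so a later cleanup could hoist the cast back outside and reintroduce signed overflow on `-offset` / `offset + 1` in a bounds check. I would add above the `if`: `/* Cast before negating/incrementing: -ZEND_LONG_MIN and ZEND_LONG_MAX + 1 overflow as zend_long (UB). */`. The comparison also relies on size_t being at least as wide as zend_long, which is not visible here and was already assumed by the old outer cast. Other string-offset paths (write, isset) are outside this diff; it is worth confirming that none of them still uses the negate-then-cast form. The enclosing function starts and ends outside the hunk.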