From 118ff03335d67c19817ff83d89e634fcd39275ff Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 16 Dec 2020 10:16:50 +0100
Subject: Fix bug #80523

Don't truncate the file length to unsigned int...

I have no idea whether that fully fixes the problem because the
process gets OOM killed before finishing, but at least the
immediate parse error is gone now.
---
 NEWS                         | 3 ++-
 Zend/zend_language_scanner.l | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/NEWS b/NEWS
index 2d89d66773..a62d492d0d 100644
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,8 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2021, PHP 7.4.15
 
-
+- Core:
+  . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
 
 07 Jan 2021, PHP 7.4.14
 
diff --git a/Zend/zend_language_scanner.l b/Zend/zend_language_scanner.l
index 3cb739330a..0d515ca901 100644
--- a/Zend/zend_language_scanner.l
+++ b/Zend/zend_language_scanner.l
@@ -177,7 +177,7 @@ static void yy_pop_state(void)
 	zend_stack_del_top(&SCNG(state_stack));
 }
 
-static void yy_scan_buffer(char *str, unsigned int len)
+static void yy_scan_buffer(char *str, size_t len)
 {
 	YYCURSOR       = (YYCTYPE*)str;
 	YYLIMIT        = YYCURSOR + len;
@@ -554,7 +554,7 @@ ZEND_API int open_file_for_scanning(zend_file_handle *file_handle)
 			}
 		}
 		SCNG(yy_start) = (unsigned char *)buf;
-		yy_scan_buffer(buf, (unsigned int)size);
+		yy_scan_buffer(buf, size);
 	} else {
 		zend_error_noreturn(E_COMPILE_ERROR, "zend_stream_mmap() failed");
 	}
@@ -722,7 +722,7 @@ ZEND_API int zend_prepare_string_for_scanning(zval *str, char *filename)
 		}
 	}
 
-	yy_scan_buffer(buf, (unsigned int)size);
+	yy_scan_buffer(buf, size);
 
 	new_compiled_filename = zend_string_init(filename, strlen(filename), 0);
 	zend_set_compiled_filename(new_compiled_filename);
-- 
cgit v1.2.1