From 085e16c30176d21ca2ee7b3b0e158ea0f2a7cb28 Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Fri, 30 Oct 2020 12:37:22 +0100 Subject: Fix signed integer overflow Fixes oss-fuzz #26763.
---
Zend/zend_execute.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zend/zend_execute.c')
diff --git a/Zend/zend_execute.c b/Zend/zend_execute.c
index 1cec01591e..c58e1fa228 100644
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@ -1553,7 +1553,7 @@ static zend_never_inline void zend_assign_to_string_offset(zval *str, zval *dim,
 if ((size_t)offset >= Z_STRLEN_P(str)) {
 /* Extend string if needed */
 zend_long old_len = Z_STRLEN_P(str);
- ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), offset + 1, 0));
+ ZVAL_NEW_STR(str, zend_string_extend(Z_STR_P(str), (size_t)offset + 1, 0));
 memset(Z_STRVAL_P(str) + old_len, ' ', offset - old_len);
 Z_STRVAL_P(str)[offset+1] = 0;
 } else if (!Z_REFCOUNTED_P(str)) {
-- cgit v1.2.1
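Review bot: The terminator write `Z_STRVAL_P(str)[offset+1] = 0;`, two lines below the fixed call, still computes `offset+1` in `zend_long`, so the same signed overflow remains there when `offset` equals `ZEND_LONG_MAX`. It is presumably unreachable in practice because `zend_string_extend()` should not return successfully for a request that large, but that relies on allocator behaviour not visible in this hunk. I would compute the new length once, `size_t new_len = (size_t)offset + 1;`, and use it for both the extend call and the index, or at least write `Z_STRVAL_P(str)[(size_t)offset + 1] = 0;`. The enclosing function starts and ends outside the hunk, so any earlier range check on `offset` (for example for negative values before the `(size_t)` cast in the condition) cannot be confirmed from here.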