Avoid more UB in round()

diff --git a/Zend/zend_strtod.c b/Zend/zend_strtod.c
index f327ef4cd502ec9e5a1655f7740875a659fd4f94..96d3ec8c95817cbcec7ae7867c61a5df0874e327 100644 (file)
--- a/Zend/zend_strtod.c
+++ b/Zend/zend_strtod.c
@@ -2705,7 +2705,7 @@ zend_strtod
                                L = c - '0';
                                s1 = s;
                                while((c = *++s) >= '0' && c <= '9')
-                                       L = 10*L + c - '0';
+                                       L = 10*L + (c - '0');
                                if (s - s1 > 8 || L > 19999)
                                        /* Avoid confusion from exponents
                                         * so large that e might overflow.

diff --git a/ext/standard/math.c b/ext/standard/math.c
index 5172bbbd6e62d48ad211e4a9c45f918bf03cb483..ddee343b1d36b509906a7d967604c6d88178755f 100644 (file)
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -141,7 +141,7 @@ PHPAPI double _php_math_round(double value, int places, int mode) {
        /* If the decimal precision guaranteed by FP arithmetic is higher than
           the requested places BUT is small enough to make sure a non-zero value
           is returned, pre-round the result to the precision */
-       if (precision_places > places && precision_places - places < 15) {
+       if (precision_places > places && precision_places - 15 < places) {
                int64_t use_precision = precision_places < INT_MIN+1 ? INT_MIN+1 : precision_places;
 
                f2 = php_intpow10(abs((int)use_precision));