]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c2ac030)
fix more places with subtle negative zend_long to size_t cast
authorAnatol Belski <ab@php.net>
Mon, 29 Jun 2015 09:35:36 +0000 (11:35 +0200)
committerAnatol Belski <ab@php.net>
Mon, 29 Jun 2015 10:15:21 +0000 (12:15 +0200)
ext/standard/string.c patch | blob | history

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 0a5e8bec4dbcf5194a1cf98af83c07cbf53af804..1ce301e9cc162b5d3f8b5c18dc64fc9fc3e090f9 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2563,9 +2563,10 @@ PHP_FUNCTION(substr_replace)
                                        f = zval_get_long(tmp_from);
 
                                        if (f < 0) {
-                                               f = orig_str->len + f;
-                                               if (f < 0) {
+                                               if (-f > orig_str->len) {
                                                        f = 0;
+                                               } else {
+                                                       f = orig_str->len + f;
                                                }
                                        } else if (f > orig_str->len) {
                                                f = orig_str->len;
@@ -2577,9 +2578,10 @@ PHP_FUNCTION(substr_replace)
                        } else {
                                f = Z_LVAL_P(from);
                                if (f < 0) {
-                                       f = orig_str->len + f;
-                                       if (f < 0) {
+                                       if (-f > orig_str->len) {
                                                f = 0;
+                                       } else {
+                                               f = orig_str->len + f;
                                        }
                                } else if (f > orig_str->len) {
                                        f = orig_str->len;
Unnamed repository; edit this file 'description' to name the repository.