Fixed overflow crash (at least on Windows) in div_function with LONG_MIN / -1

To reproduce: (-PHP_INT_MAX - 1) / -1, so op1 is a long
Same cause as Bug #27354 for mod_function

diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 7a4fe0510a2bb68ba736b711516286b82e24333f..f2d1562ee8e15bd128d4cd5eae82f515295f1136 100644 (file)
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -1454,6 +1454,10 @@ ZEND_API int div_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ *
                                        zend_error(E_WARNING, "Division by zero");
                                        ZVAL_BOOL(result, 0);
                                        return FAILURE;                 /* division by zero */
+                               } else if (Z_LVAL_P(op2) == -1 && Z_LVAL_P(op1) == LONG_MIN) {
+                                       /* Prevent overflow error/crash */
+                                       ZVAL_DOUBLE(result, (double) LONG_MIN / -1);
+                                       return SUCCESS;
                                }
                                if (Z_LVAL_P(op1) % Z_LVAL_P(op2) == 0) { /* integer */
                                        ZVAL_LONG(result, Z_LVAL_P(op1) / Z_LVAL_P(op2));