From: Nikita Popov Date: Fri, 20 Dec 2019 11:11:07 +0000 (+0100) Subject: Fix string offset signed int UB in jit as well X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2bc0a6e97f7e9f643d8d181ac0ffd6b40757aae7;p=php Fix string offset signed int UB in jit as well
---
diff --git a/ext/opcache/jit/zend_jit_helpers.c b/ext/opcache/jit/zend_jit_helpers.c
index 0efd07c3dc..e2ba36c9ee 100644
--- a/ext/opcache/jit/zend_jit_helpers.c
+++ b/ext/opcache/jit/zend_jit_helpers.c
@@ -610,7 +610,7 @@ try_string_offset:
 offset = Z_LVAL_P(dim);
 }
- if (UNEXPECTED(Z_STRLEN_P(container) < (size_t)((offset < 0) ? -offset : (offset + 1)))) {
+ if (UNEXPECTED(Z_STRLEN_P(container) < ((offset < 0) ? -(size_t)offset : ((size_t)offset + 1)))) {
 zend_error(E_WARNING, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
 ZVAL_EMPTY_STRING(result);
 } else {
@@ -658,7 +658,7 @@ try_string_offset:
 offset = Z_LVAL_P(dim);
 }
- if (UNEXPECTED(Z_STRLEN_P(container) < ((size_t)((offset < 0) ? -offset : (offset + 1)))) {
+ if (UNEXPECTED(Z_STRLEN_P(container) < ((offset < 0) ? -(size_t)offset : ((size_t)offset + 1)))) {
 ZVAL_NULL(result);
 } else {
 zend_uchar c;
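Review bot: The rewritten bound on the `if (UNEXPECTED(Z_STRLEN_P(container) < ...` line, in the hunk at 610 and again in the hunk at 658, has no comment explaining why the cast now precedes the negation and the `+ 1`, so a later cleanup could hoist the cast back outside and bring the signed overflow back for the extreme `offset` values. I would put `/* Convert to size_t first: -offset and offset + 1 overflow for ZEND_LONG_MIN / ZEND_LONG_MAX. */` above each check. This comparison appears to be the guard in front of the string indexing in the `else` branch, which continues outside both hunks, so the two identical copies would be safer as one shared `static inline` helper or macro; the subject line ("in jit as well") suggests a further copy outside the JIT. No regression test for the smallest and largest integer offsets under the JIT is visible in this patch.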