From: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed, 19 Jun 2019 12:03:34 +0000 (+0200)
Subject: Avoid more UB in round()
X-Git-Tag: php-7.4.0alpha2~51^2~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8740533ddf5665846cb5f386625efab2f7462cf7;p=php

Avoid more UB in round()
---

diff --git a/Zend/zend_strtod.c b/Zend/zend_strtod.c
index f327ef4cd5..96d3ec8c95 100644
--- a/Zend/zend_strtod.c
+++ b/Zend/zend_strtod.c
@@ -2705,7 +2705,7 @@ zend_strtod
 				L = c - '0';
 				s1 = s;
 				while((c = *++s) >= '0' && c <= '9')
-					L = 10*L + c - '0';
+					L = 10*L + (c - '0');
 				if (s - s1 > 8 || L > 19999)
 					/* Avoid confusion from exponents
 					 * so large that e might overflow.
diff --git a/ext/standard/math.c b/ext/standard/math.c
index 5172bbbd6e..ddee343b1d 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -141,7 +141,7 @@ PHPAPI double _php_math_round(double value, int places, int mode) {
 	/* If the decimal precision guaranteed by FP arithmetic is higher than
 	   the requested places BUT is small enough to make sure a non-zero value
 	   is returned, pre-round the result to the precision */
-	if (precision_places > places && precision_places - places < 15) {
+	if (precision_places > places && precision_places - 15 < places) {
 		int64_t use_precision = precision_places < INT_MIN+1 ? INT_MIN+1 : precision_places;
 
 		f2 = php_intpow10(abs((int)use_precision));