From: Matt Wilmas <mattwil@php.net>
Date: Thu, 29 May 2008 11:44:09 +0000 (+0000)
Subject: Fixed overflow crash (at least on Windows) in div_function with LONG_MIN / -1
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~1632
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d48f694d0a3b9a44a1d48bc6695e0eeb4de40c9e;p=php

Fixed overflow crash (at least on Windows) in div_function with LONG_MIN / -1
To reproduce: (-PHP_INT_MAX - 1) / -1, so op1 is a long
Same cause as Bug #27354 for mod_function
---

diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 7a4fe0510a..f2d1562ee8 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -1454,6 +1454,10 @@ ZEND_API int div_function(zval *result, zval *op1, zval *op2 TSRMLS_DC) /* {{{ *
 					zend_error(E_WARNING, "Division by zero");
 					ZVAL_BOOL(result, 0);
 					return FAILURE;			/* division by zero */
+				} else if (Z_LVAL_P(op2) == -1 && Z_LVAL_P(op1) == LONG_MIN) {
+					/* Prevent overflow error/crash */
+					ZVAL_DOUBLE(result, (double) LONG_MIN / -1);
+					return SUCCESS;
 				}
 				if (Z_LVAL_P(op1) % Z_LVAL_P(op2) == 0) { /* integer */
 					ZVAL_LONG(result, Z_LVAL_P(op1) / Z_LVAL_P(op2));