From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 19 Dec 2019 10:48:20 +0000 (+0100)
Subject: Merge branch 'PHP-7.4'
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e15915d21c63684395aa76f22c6c5de2025d2783;p=php

Merge branch 'PHP-7.4'

* PHP-7.4:
  Avoid signed integer overflow in string offset check
---

e15915d21c63684395aa76f22c6c5de2025d2783
diff --cc Zend/zend_execute.c
index 95b9dfc1cc,9ae73caae1..6620a71e91
--- a/Zend/zend_execute.c
+++ b/Zend/zend_execute.c
@@@ -2356,9 -2369,9 +2356,9 @@@ try_string_offset
  			offset = Z_LVAL_P(dim);
  		}
  
- 		if (UNEXPECTED(Z_STRLEN_P(container) < (size_t)((offset < 0) ? -offset : (offset + 1)))) {
+ 		if (UNEXPECTED(Z_STRLEN_P(container) < ((offset < 0) ? -(size_t)offset : ((size_t)offset + 1)))) {
  			if (type != BP_VAR_IS) {
 -				zend_error(E_NOTICE, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
 +				zend_error(E_WARNING, "Uninitialized string offset: " ZEND_LONG_FMT, offset);
  				ZVAL_EMPTY_STRING(result);
  			} else {
  				ZVAL_NULL(result);