From: Nikita Popov <nikita.ppv@gmail.com>
Date: Thu, 20 Jun 2019 11:06:56 +0000 (+0200)
Subject: Avoid address calculation overflow
X-Git-Tag: php-7.4.0alpha2~34
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e8ae19223c998fdfe790d368775c5f271e5bdbd9;p=php

Avoid address calculation overflow
---

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 1fcbe1e493..a40a2c36ca 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2196,7 +2196,7 @@ PHP_FUNCTION(strripos)
 				php_error_docref(NULL, E_WARNING, "Offset is greater than the length of haystack string");
 				RETURN_FALSE;
 			}
-			e = ZSTR_VAL(haystack) + ZSTR_LEN(haystack) + (size_t)offset;
+			e = ZSTR_VAL(haystack) + (ZSTR_LEN(haystack) + (size_t)offset);
 		}
 		/* Borrow that ord_needle buffer to avoid repeatedly tolower()ing needle */
 		*ZSTR_VAL(ord_needle) = tolower(*ZSTR_VAL(needle));