From 3305bba32b4815d9f642ab8a08ed8e3daeb3301c Mon Sep 17 00:00:00 2001 From: Antony Dovgal Date: Wed, 5 Apr 2006 11:36:28 +0000 Subject: [PATCH] MF51: fix #36944 (strncmp & strncasecmp do not return false on negative string length) --- Zend/zend_builtin_functions.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c index bbbe33b764..275da61b8b 100644 --- a/Zend/zend_builtin_functions.c +++ b/Zend/zend_builtin_functions.c @@ -333,6 +333,12 @@ ZEND_FUNCTION(strncmp) &s1_type, &s2, &s2_len, &s2_type, &count) == FAILURE) { return; } + + if (count < 0) { + zend_error(E_WARNING, "Length must be greater than or equal to 0"); + RETURN_FALSE; + } + if (s1_type == IS_UNICODE) { RETURN_LONG(zend_u_binary_strncmp(s1, s1_len, s2, s2_len, count)); } else { @@ -376,6 +382,12 @@ ZEND_FUNCTION(strncasecmp) &s1_type, &s2, &s2_len, &s2_type, &len) == FAILURE) { return; } + + if (len < 0) { + zend_error(E_WARNING, "Length must be greater than or equal to 0"); + RETURN_FALSE; + } + if (s1_type == IS_UNICODE) { RETURN_LONG(zend_u_binary_strncasecmp(s1, s1_len, s2, s2_len, len)); } else { -- 2.50.1
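Review bot: The new `RETURN_FALSE` path in ZEND_FUNCTION(strncmp), and the identical one in ZEND_FUNCTION(strncasecmp), returns a value that compares loosely equal to 0, which is the "strings match" result on the `RETURN_LONG` paths just below. A script that tests the result with `== 0` or `!` will therefore treat a rejected negative length as a match. Nothing in either hunk records that contract, so I would add above each guard `/* FALSE on negative length; callers must compare the result with === 0, because FALSE == 0 */` and state the same in the function documentation. Only the lower bound is checked: if `count`/`len` are wider than the length parameter of `zend_u_binary_strncmp`/`zend_u_binary_strncasecmp` and their non-Unicode counterparts (the declarations are outside the hunks), a very large value could be narrowed in the call, so an upper bound is worth confirming. Both function bodies start and end outside the hunks.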