From 5dc6392d257fa8a4c3a8938e9e0e36ae44a6834e Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 28 Nov 2017 23:10:50 +0100
Subject: [PATCH] Fixed bug #75575

These functions are never called with needle longer than haystack,
but it makes sense to explicitly check for this, especially as we
already perform a check for empty haystack anyway, which is
naturally subsumed by a haystack_len < needle_len check.
---
 Zend/zend_operators.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index 540f97943e..cad8d1dff4 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -3049,7 +3049,7 @@ ZEND_API const char* ZEND_FASTCALL zend_memnstr_ex(const char *haystack, const c
 	register size_t i;
 	register const char *p;
 
-	if (needle_len == 0 || (end - haystack) == 0) {
+	if (needle_len == 0 || (end - haystack) < needle_len) {
 		return NULL;
 	}
 
@@ -3083,7 +3083,7 @@ ZEND_API const char* ZEND_FASTCALL zend_memnrstr_ex(const char *haystack, const
 	register size_t i;
 	register const char *p;
 
-	if (needle_len == 0 || (end - haystack) == 0) {
+	if (needle_len == 0 || (end - haystack) < needle_len) {
 		return NULL;
 	}
 
-- 
2.50.1