From 74cc4c8cc636e9b91e400b39cd5bd1fdc02f05a8 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gustavo=20Andr=C3=A9=20dos=20Santos=20Lopes?=
 <cataphract@php.net>
Date: Tue, 27 Sep 2011 10:57:25 +0000
Subject: [PATCH] - Added tests and NEWS for r306475; see bug #55797. - Removed
 now redundant previous overflow check, which relied on   undefined behavior
 (wraparound) and was ignored in optimized builds.

---
 NEWS                               |  4 ++++
 ext/calendar/gregor.c              |  4 ----
 ext/calendar/tests/bug55797_1.phpt | 36 ++++++++++++++++++++++++++++++
 ext/calendar/tests/bug55797_2.phpt | 36 ++++++++++++++++++++++++++++++
 4 files changed, 76 insertions(+), 4 deletions(-)
 create mode 100644 ext/calendar/tests/bug55797_1.phpt
 create mode 100644 ext/calendar/tests/bug55797_2.phpt

diff --git a/NEWS b/NEWS
index 72322bd7a9..29577d98e9 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,10 @@ PHP                                                                        NEWS
     (Hannes)
   . Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
 
+- Calendar:
+  . Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in
+    optimized builds). (Gustavo)
+
 - Curl:
   . Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed
     before calling curl_exec). (Hannes)
diff --git a/ext/calendar/gregor.c b/ext/calendar/gregor.c
index cf9860366c..7e33d36c66 100644
--- a/ext/calendar/gregor.c
+++ b/ext/calendar/gregor.c
@@ -153,10 +153,6 @@ void SdnToGregorian(
 	}
 	temp = (sdn + GREGOR_SDN_OFFSET) * 4 - 1;
 
-	if (temp < 0) {
-		goto fail;
-	}
-
 	/* Calculate the century (year/100). */
 	century = temp / DAYS_PER_400_YEARS;
 
diff --git a/ext/calendar/tests/bug55797_1.phpt b/ext/calendar/tests/bug55797_1.phpt
new file mode 100644
index 0000000000..ffd617dfb7
--- /dev/null
+++ b/ext/calendar/tests/bug55797_1.phpt
@@ -0,0 +1,36 @@
+--TEST--
+Bug #55797: Integer overflow in SdnToGregorian leads to segfault (in optimized builds)
+--SKIPIF--
+<?php
+include 'skipif.inc';
+if (PHP_INT_SIZE != 4) {
+        die("skip this test is for 32bit platform only");
+}
+?>
+--FILE--
+<?php
+$x = 882858030;
+
+var_dump(cal_from_jd($x, CAL_GREGORIAN));
+--EXPECTF--
+array(9) {
+  ["date"]=>
+  string(5) "0/0/0"
+  ["month"]=>
+  int(0)
+  ["day"]=>
+  int(0)
+  ["year"]=>
+  int(0)
+  ["dow"]=>
+  int(%d)
+  ["abbrevdayname"]=>
+  string(%d) "%s"
+  ["dayname"]=>
+  string(%d) "%s"
+  ["abbrevmonth"]=>
+  string(0) ""
+  ["monthname"]=>
+  string(0) ""
+}
+
diff --git a/ext/calendar/tests/bug55797_2.phpt b/ext/calendar/tests/bug55797_2.phpt
new file mode 100644
index 0000000000..2a9183dd8d
--- /dev/null
+++ b/ext/calendar/tests/bug55797_2.phpt
@@ -0,0 +1,36 @@
+--TEST--
+Bug #55797: Integer overflow in SdnToGregorian leads to segfault (in optimized builds)
+--SKIPIF--
+<?php 
+include 'skipif.inc';
+if (PHP_INT_SIZE == 4) {
+        die("skip this test is for 64bit platform only");
+}
+?>
+--FILE--
+<?php
+$x = 9223372036854743639;
+
+var_dump(cal_from_jd($x, CAL_GREGORIAN));
+--EXPECTF--
+array(9) {
+  ["date"]=>
+  string(5) "0/0/0"
+  ["month"]=>
+  int(0)
+  ["day"]=>
+  int(0)
+  ["year"]=>
+  int(0)
+  ["dow"]=>
+  int(%d)
+  ["abbrevdayname"]=>
+  string(%d) "%s"
+  ["dayname"]=>
+  string(%d) "%s"
+  ["abbrevmonth"]=>
+  string(0) ""
+  ["monthname"]=>
+  string(0) ""
+}
+
-- 
2.50.1