From 82a34e71c59010b64cf0104789da66d0c4d26b9c Mon Sep 17 00:00:00 2001 From: Nikita Popov Date: Wed, 19 Jun 2019 12:53:10 +0200 Subject: [PATCH] Avoid overflow UB in is_numeric_string We intentionally overflow the signed space here, so make this an unsigned variable and only cast to signed at the end. --- Zend/zend_operators.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c index 6033fafebe..384884965d 100644 --- a/Zend/zend_operators.c +++ b/Zend/zend_operators.c @@ -3035,7 +3035,7 @@ ZEND_API zend_uchar ZEND_FASTCALL _is_numeric_string_ex(const char *str, size_t int digits = 0, dp_or_e = 0; double local_dval = 0.0; zend_uchar type; - zend_long tmp_lval = 0; + zend_ulong tmp_lval = 0; int neg = 0; if (!length) { @@ -3143,7 +3143,7 @@ process_double: if (neg) { tmp_lval = -tmp_lval; } - *lval = tmp_lval; + *lval = (zend_long) tmp_lval; } return IS_LONG; -- 2.50.1