From c783645b99f35da3735977a05c9b7d0da372ce6b Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Mon, 29 Jun 2015 11:35:36 +0200
Subject: [PATCH] fix more places with subtle negative zend_long to size_t cast

---
 ext/standard/string.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 0a5e8bec4d..1ce301e9cc 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -2563,9 +2563,10 @@ PHP_FUNCTION(substr_replace)
 					f = zval_get_long(tmp_from);
 
 					if (f < 0) {
-						f = orig_str->len + f;
-						if (f < 0) {
+						if (-f > orig_str->len) {
 							f = 0;
+						} else {
+							f = orig_str->len + f;
 						}
 					} else if (f > orig_str->len) {
 						f = orig_str->len;
@@ -2577,9 +2578,10 @@ PHP_FUNCTION(substr_replace)
 			} else {
 				f = Z_LVAL_P(from);
 				if (f < 0) {
-					f = orig_str->len + f;
-					if (f < 0) {
+					if (-f > orig_str->len) {
 						f = 0;
+					} else {
+						f = orig_str->len + f;
 					}
 				} else if (f > orig_str->len) {
 					f = orig_str->len;
-- 
2.40.0