Merge branch 'PHP-8.4'

devnexen · devnexen · commit 0323fffd4b9a · 2024-10-11T08:49:19.000+01:00
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
@@ -2326,6 +2326,16 @@ PHP_FUNCTION(mb_substr)
 		Z_PARAM_STR_OR_NULL(encoding)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (from == ZEND_LONG_MIN) {
+		zend_argument_value_error(2, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (ZEND_LONG_MIN + 1), ZEND_LONG_MAX);
+		RETURN_THROWS();
+	}
+
+	if (!len_is_null && len == ZEND_LONG_MIN) {
+		zend_argument_value_error(3, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (ZEND_LONG_MIN + 1), ZEND_LONG_MAX);
+		RETURN_THROWS();
+	}
+
 	const mbfl_encoding *enc = php_mb_get_encoding(encoding, 4);
 	if (!enc) {
 		RETURN_THROWS();
diff --git a/ext/mbstring/tests/gh16360.phpt b/ext/mbstring/tests/gh16360.phpt
@@ -0,0 +1,23 @@
+--TEST--
+GH-16320 mb_substr overflow from negative length
+--EXTENSIONS--
+mbstring
+--FILE--
+<?php
+try {
+	mb_substr("abcd", PHP_INT_MIN, 4, "UTF-8");
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	mb_substr("abcd", 0, PHP_INT_MIN, "UTF-8");
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+var_dump(mb_substr("abcd", PHP_INT_MAX, PHP_INT_MAX, "UTF-8"));
+?>
+--EXPECTF--
+mb_substr(): Argument #2 ($start) must be between %s and %s
+mb_substr(): Argument #3 ($length) must be between %s and %s
+string(0) ""
+
