Fix ext/standard

Author: marc-mabe

ext/standard/file.c

@@ -498,10 +498,12 @@ PHP_FUNCTION(file_put_contents)
 			if (php_stream_copy_to_stream_ex(srcstream, stream, PHP_STREAM_COPY_ALL, &len) != SUCCESS) {
 				numbytes = -1;
 			} else {
+#if SIZEOF_SIZE_T >= SIZEOF_ZEND_LONG
 				if (len > ZEND_LONG_MAX) {
 					php_error_docref(NULL, E_WARNING, "content truncated from %zu to " ZEND_LONG_FMT " bytes", len, ZEND_LONG_MAX);
 					len = ZEND_LONG_MAX;
 				}
+#endif
 				numbytes = len;
 			}
 			break;

ext/standard/formatted_print.c

@@ -103,7 +103,7 @@ php_sprintf_appendstring(zend_string **buffer, size_t *pos, char *add,
 	if (req_size > ZSTR_LEN(*buffer)) {
 		size_t size = ZSTR_LEN(*buffer);
 		while (req_size > size) {
-			if (size > ZEND_SIZE_MAX/2) {
+			if (size > SIZE_MAX/2) {
 				zend_error_noreturn(E_ERROR, "Field width %zd is too long", req_size);
 			}
 			size <<= 1;

ext/standard/head.c

@@ -77,7 +77,7 @@ PHPAPI bool php_header(void)
 }
 
 #define ILLEGAL_COOKIE_CHARACTER "\",\", \";\", \" \", \"\\t\", \"\\r\", \"\\n\", \"\\013\", or \"\\014\""
-PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t expires,
+PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, zend_long expires,
 	zend_string *path, zend_string *domain, bool secure, bool httponly,
 	zend_string *samesite, bool url_encode)
 {
@@ -110,7 +110,8 @@ PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t e
 			get_active_function_name());
 		return FAILURE;
 	}
-#ifdef ZEND_ENABLE_ZVAL_LONG64
+
+#if SIZEOF_ZEND_LONG >= 8
 	if (expires >= 253402300800) {
 		zend_value_error("%s(): \"expires\" option cannot have a year greater than 9999",
 			get_active_function_name());

ext/standard/head.h

@@ -28,7 +28,7 @@
 extern PHP_RINIT_FUNCTION(head);
 
 PHPAPI bool php_header(void);
-PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, time_t expires,
+PHPAPI zend_result php_setcookie(zend_string *name, zend_string *value, zend_long expires,
 	zend_string *path, zend_string *domain, bool secure, bool httponly,
 	zend_string *samesite, bool url_encode);
 

ext/standard/math.c

@@ -1225,8 +1225,8 @@ PHPAPI zend_string *_php_math_number_format_long(zend_long num, zend_long dec, c
 		1, 10, 100, 1000, 10000,
 		100000, 1000000, 10000000, 100000000, 1000000000,
 #if SIZEOF_ZEND_LONG == 8
-		10000000000, 100000000000, 1000000000000, 10000000000000, 100000000000000,
-		1000000000000000, 10000000000000000, 100000000000000000, 1000000000000000000, 10000000000000000000ul
+		Z_UL(10000000000), Z_UL(100000000000), Z_UL(1000000000000), Z_UL(10000000000000), Z_UL(100000000000000),
+		Z_UL(1000000000000000), Z_UL(10000000000000000), Z_UL(100000000000000000), Z_UL(1000000000000000000), Z_UL(10000000000000000000)
 #elif SIZEOF_ZEND_LONG > 8
 # error "Unknown SIZEOF_ZEND_LONG"
 #endif
@@ -1256,7 +1256,7 @@ PHPAPI zend_string *_php_math_number_format_long(zend_long num, zend_long dec, c
 	// rounding the number
 	if (dec < 0) {
 		// Check rounding to more negative places than possible
-		if (dec < -(sizeof(powers) / sizeof(powers[0]) - 1)) {
+		if (dec < -(zend_long)(sizeof(powers) / sizeof(powers[0]) - 1)) {
 			tmpnum = 0;
 		} else {
 			power = powers[-dec];

ext/standard/string.c

@@ -2225,27 +2225,39 @@ static inline void _zend_substr(zval *return_value, zend_string *str, zend_long
 		/* if "from" position is negative, count start position from the end
 		 * of the string
 		 */
-		if (-(size_t)f > ZSTR_LEN(str)) {
+		f = (zend_long)ZSTR_LEN(str) + f;
+		if (f < 0) {
 			f = 0;
-		} else {
-			f = (zend_long)ZSTR_LEN(str) + f;
 		}
-	} else if ((size_t)f > ZSTR_LEN(str)) {
-		RETURN_EMPTY_STRING();
+	} else {
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+			if (UNEXPECTED(f > SIZE_MAX)) {
+				f = SIZE_MAX;
+			}
+#endif
+		if ((size_t)f > ZSTR_LEN(str)) {
+			RETURN_EMPTY_STRING();
+		}
 	}
 
 	if (!len_is_null) {
 		if (l < 0) {
 			/* if "length" position is negative, set it to the length
 			 * needed to stop that many chars from the end of the string
 			 */
-			if (-(size_t)l > ZSTR_LEN(str) - (size_t)f) {
+			l = (zend_long)ZSTR_LEN(str) - f + l;
+			if (l < 0) {
 				l = 0;
-			} else {
-				l = (zend_long)ZSTR_LEN(str) - f + l;
 			}
-		} else if ((size_t)l > ZSTR_LEN(str) - (size_t)f) {
-			l = (zend_long)ZSTR_LEN(str) - f;
+		} else {
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+			if (UNEXPECTED(l > SIZE_MAX)) {
+				l = SIZE_MAX;
+			}
+#endif
+			if ((size_t)l > ZSTR_LEN(str) - (size_t)f) {
+				l = (zend_long)ZSTR_LEN(str) - f;
+			}
 		}
 	} else {
 		l = (zend_long)ZSTR_LEN(str) - f;
@@ -2360,8 +2372,15 @@ PHP_FUNCTION(substr_replace)
 			if (f < 0) {
 				f = 0;
 			}
-		} else if ((size_t)f > ZSTR_LEN(str)) {
-			f = ZSTR_LEN(str);
+		} else {
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+			if (UNEXPECTED(f > SIZE_MAX)) {
+				f = SIZE_MAX;
+			}
+#endif
+			if ((size_t)f > ZSTR_LEN(str)) {
+				f = ZSTR_LEN(str);
+			}
 		}
 		/* if "length" position is negative, set it to the length
 		 * needed to stop that many chars from the end of the string
@@ -2373,6 +2392,12 @@ PHP_FUNCTION(substr_replace)
 			}
 		}
 
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+		if (UNEXPECTED(l > SIZE_MAX)) {
+			l = SIZE_MAX;
+		}
+#endif
+
 		if ((size_t)l > ZSTR_LEN(str)) {
 			l = ZSTR_LEN(str);
 		}
@@ -2522,6 +2547,12 @@ PHP_FUNCTION(substr_replace)
 				}
 			}
 
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+			if (UNEXPECTED(l > SIZE_MAX)) {
+				l = SIZE_MAX;
+			}
+#endif
+
 			ZEND_ASSERT(0 <= f && f <= ZEND_LONG_MAX);
 			ZEND_ASSERT(0 <= l && l <= ZEND_LONG_MAX);
 			if (((size_t) f + l) > ZSTR_LEN(orig_str)) {
@@ -5756,6 +5787,13 @@ PHP_FUNCTION(str_pad)
 		Z_PARAM_LONG(pad_type_val)
 	ZEND_PARSE_PARAMETERS_END();
 
+#if SIZEOF_SIZE_T < SIZEOF_ZEND_LONG
+	if (pad_length > SIZE_MAX/2) {
+		zend_argument_value_error(2, "must be lower or equal to %zd", SIZE_MAX/2);
+		RETURN_THROWS();
+	}
+#endif
+
 	/* If resulting string turns out to be shorter than input string,
 	   we simply copy the input and return. */
 	if (pad_length < 0  || (size_t)pad_length <= ZSTR_LEN(input)) {

ext/standard/tests/strings/gh15613.phpt

@@ -2,7 +2,7 @@
 GH-15613 overflow on hex strings repeater value
 --SKIPIF--
 <?php
-if (PHP_INT_SIZE != 8) die("skip this test is for 64 bit platform only");
+if (PHP_SYS_SIZE != 8) die("skip this test is for 64 bit platform only");
 ?>
 --INI--
 memory_limit=-1

ext/standard/tests/strings/sprintf_rope_optimization_004.phpt

@@ -7,22 +7,24 @@ gmp
 
 $a = new GMP("42");
 $b = new GMP("-1337");
-$c = new GMP("999999999999999999999999999999999");
+$c = new GMP((string)PHP_INT_MAX);
+$d = new GMP((string)PHP_INT_MIN);
+$e = new GMP("999999999999999999999999999999999");
 
 try {
 	if (PHP_INT_SIZE == 8) {
-		var_dump(sprintf("%d/%d/%d/%s", $a, $b, $c, $c + 1));
-		var_dump("42/-1337/2147483647/1000000000000000000000000000000000");
+		var_dump(sprintf("%d/%d/%d/%d/%d/%s", $a, $b, $c, $d, $e, $e + 1));
+		var_dump("42/-1337/2147483647/-2147483648/2147483647/1000000000000000000000000000000000");
 	} else {
-		var_dump("42/-1337/4089650035136921599/1000000000000000000000000000000000");
-		var_dump(sprintf("%d/%d/%d/%s", $a, $b, $c, $c + 1));
+		var_dump("42/-1337/9223372036854775807/-9223372036854775808/4089650035136921599/1000000000000000000000000000000000");
+		var_dump(sprintf("%d/%d/%d/%d/%d/%s", $a, $b, $c, $d, $e, $e + 1));
 	}
 } catch (\Throwable $e) {echo $e, PHP_EOL; } echo PHP_EOL;
 
 echo "Done";
 ?>
 --EXPECTF--
-string(63) "42/-1337/4089650035136921599/1000000000000000000000000000000000"
-string(54) "42/-1337/2147483647/1000000000000000000000000000000000"
+string(104) "42/-1337/9223372036854775807/-9223372036854775808/4089650035136921599/1000000000000000000000000000000000"
+string(77) "42/-1337/2147483647/-2147483648/2147483647/1000000000000000000000000000000000"
 
 Done

ext/standard/tests/strings/str_pad_variation1.phpt

@@ -1,5 +1,7 @@
 --TEST--
 Test str_pad() function : usage variations - large values for '$pad_length' argument
+--INI--
+memory_limit=1g
 --SKIPIF--
 <?php
 if (getenv("USE_ZEND_ALLOC") === "0") {
@@ -12,7 +14,7 @@ if (getenv("USE_ZEND_ALLOC") === "0") {
  *  and expected type for '$input'
 */
 
-echo "*** Testing str_pad() function: with large value for for 'pad_length' argument ***\n";
+echo "*** Testing str_pad() function: with large value for 'pad_length' argument ***\n";
 
 //defining '$input' argument
 $input = "Test string";
@@ -24,13 +26,12 @@ try {
     echo $e->getMessage() . "\n";
 }
 
-$php_int_max_pad_length = PHP_INT_MAX;
-var_dump( str_pad($input, $php_int_max_pad_length) );
-
+// INT32_MAX
+var_dump( str_pad($input, 2147483647) );
 
 ?>
 --EXPECTF--
-*** Testing str_pad() function: with large value for for 'pad_length' argument ***
+*** Testing str_pad() function: with large value for 'pad_length' argument ***
 str_pad(): Argument #2 ($length) must be of type int, float given
 
 Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d

ext/standard/tests/strings/str_pad_variation5.phpt

@@ -4,26 +4,26 @@ Test str_pad() function : usage variations - unexpected large value for '$pad_le
 memory_limit=128M
 --SKIPIF--
 <?php
-if (PHP_INT_SIZE != 4) die("skip this test is for 32bit platform only");
+if (PHP_SYS_SIZE >= PHP_INT_SIZE) {
+    die("skip this test is for PHP_SyS_SIZE < PHP_INT_SIZE only");
+}
 if (getenv("USE_ZEND_ALLOC") === "0") {
     die("skip Zend MM disabled");
 }
-?>
+
 --FILE--
 <?php
-/* Test str_pad() function: with unexpected inputs for '$pad_length'
- *  and expected type for '$input'
-*/
+$input = "Test string";
 
-echo "*** Testing str_pad() function: with large value for for 'pad_length' argument ***\n";
+try {
+    var_dump( str_pad($input, PHP_INT_MAX) );
+} catch (ValueError $e) {
+    echo $e::class . ": {$e->getMessage()}\n";
+}
 
-//defining '$input' argument
-$input = "Test string";
-$pad_length = PHP_INT_MAX - 16; /* zend_string header is 16 bytes */
-var_dump( str_pad($input, $pad_length) );
+var_dump( str_pad($input, 2**(PHP_SYS_SIZE*8-1)-1) );
 
-?>
 --EXPECTF--
-*** Testing str_pad() function: with large value for for 'pad_length' argument ***
+ValueError: str_pad(): Argument #2 ($length) must be lower or equal to %d
 
 Fatal error: Allowed memory size of %d bytes exhausted%s(tried to allocate %d bytes) in %s on line %d