From bb341210f53b7597a8a4821efdee9ce59810f2ed Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Fri, 19 Aug 2022 16:26:26 +0200
Subject: [PATCH] Fix GH-9361: Segmentation fault on script exit
Using a lot of memory may overflow some `int` calculations; to avoid that we make sure that the operands are promoted to `size_t`. This issue has been analyzed by @chschneider. Closes GH-9379.
---
 NEWS | 2 ++
 Zend/zend_alloc_sizes.h | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 2f93cb9808a..21d5d334a4e 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP NEWS
 - Core:
 . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
 (Tim Starling)
+ . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb,
+ Christian Schneider)

 - DOM:
 . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
diff --git a/Zend/zend_alloc_sizes.h b/Zend/zend_alloc_sizes.h
index 9f1c00eaad5..502b982a505 100644
--- a/Zend/zend_alloc_sizes.h
+++ b/Zend/zend_alloc_sizes.h
@@ -19,7 +19,7 @@
 #ifndef ZEND_ALLOC_SIZES_H
 #define ZEND_ALLOC_SIZES_H

-#define ZEND_MM_CHUNK_SIZE (2 * 1024 * 1024) /* 2 MB */
+#define ZEND_MM_CHUNK_SIZE ((size_t) (2 * 1024 * 1024)) /* 2 MB */
 #define ZEND_MM_PAGE_SIZE (4 * 1024) /* 4 KB */
 #define ZEND_MM_PAGES (ZEND_MM_CHUNK_SIZE / ZEND_MM_PAGE_SIZE) /* 512 */
 #define ZEND_MM_FIRST_PAGE (1)
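Review bot: The cast is applied only to `ZEND_MM_CHUNK_SIZE`, while `ZEND_MM_PAGE_SIZE` on the next line stays a plain `int` expression, so a product like `n * ZEND_MM_PAGE_SIZE` with an `int` or 32-bit `n` is still evaluated in the narrow type. Whether any caller multiplies it by a count that is not bounded by one chunk is not visible in this hunk; if one does, the same wrap-around remains, and `#define ZEND_MM_PAGE_SIZE ((size_t) (4 * 1024))` would close it. `ZEND_MM_PAGES` also becomes `size_t` through the division, which turns comparisons against signed variables into unsigned ones, and a macro containing a cast can no longer be tested in `#if`. A comment on the define such as `/* size_t on purpose: products with chunk counts must not be computed in int (GH-9361) */` would stop the cast from being removed as redundant later.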