diff --git a/NEWS b/NEWS index cec98047e99..b083174c1b1 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,7 @@ PHP NEWS . Fixed GH-16241: easter_days/easter_date overflow on year argument. (David Carlier) . Fixed GH-16263: jddayofweek overflow. (cmb) + . Fixed GH-16234: jewishtojd overflow. (nielsdos) - CLI: . Fixed bug GH-16137: duplicate http headers when set several times by diff --git a/ext/calendar/jewish.c b/ext/calendar/jewish.c index 11318bd5bc6..bdfc9b4f910 100644 --- a/ext/calendar/jewish.c +++ b/ext/calendar/jewish.c @@ -433,16 +433,31 @@ static void MoladOfMetonicCycle( zend_long *pMoladHalakim) { register zend_ulong r1, r2, d1, d2; + zend_long chk; /* Start with the time of the first molad after creation. */ r1 = NEW_MOON_OF_CREATION; + chk = (zend_long)metonicCycle; + + if (chk > (ZEND_LONG_MAX - NEW_MOON_OF_CREATION) / (HALAKIM_PER_METONIC_CYCLE & 0xFFFF)) { + *pMoladDay = 0; + *pMoladHalakim = 0; + return; + } /* Calculate metonicCycle * HALAKIM_PER_METONIC_CYCLE. The upper 32 * bits of the result will be in r2 and the lower 16 bits will be * in r1. */ - r1 += metonicCycle * (HALAKIM_PER_METONIC_CYCLE & 0xFFFF); + r1 += chk * (HALAKIM_PER_METONIC_CYCLE & 0xFFFF); + + if (chk > (ZEND_LONG_MAX - (r1 >> 16)) / ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF)) { + *pMoladDay = 0; + *pMoladHalakim = 0; + return; + } + r2 = r1 >> 16; - r2 += metonicCycle * ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF); + r2 += chk * ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF); /* Calculate r2r1 / HALAKIM_PER_DAY. The remainder will be in r1, the * upper 16 bits of the quotient will be in d2 and the lower 16 bits diff --git a/ext/calendar/tests/gh16234.phpt b/ext/calendar/tests/gh16234.phpt new file mode 100644 index 00000000000..03777986dc8 --- /dev/null +++ b/ext/calendar/tests/gh16234.phpt @@ -0,0 +1,11 @@ +--TEST-- +GH-16234 jewishtojd overflow on year argument +--EXTENSIONS-- +calendar +--FILE-- + +--EXPECT-- +DONE