From 3d857d5b810d7a28bf0d548a771263d1ff8921dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
Date: Fri, 22 Sep 2023 17:32:09 +0200
Subject: [PATCH] round(): Validate the rounding mode (#12252)

---
 NEWS                                                 |  1 +
 UPGRADING                                            |  3 +++
 ext/standard/math.c                                  | 11 +++++++++++
 .../tests/math/round_valid_rounding_mode.phpt        | 12 ++++++++++++
 4 files changed, 27 insertions(+)
 create mode 100644 ext/standard/tests/math/round_valid_rounding_mode.phpt

diff --git a/NEWS b/NEWS
index c70c6a1c459..2c84a7fb780 100644
--- a/NEWS
+++ b/NEWS
@@ -15,5 +15,6 @@ Standard:
   . Implement GH-12188 (Indication for the int size in phpinfo()). (timwolla)
   . Partly fix GH-12143 (Incorrect round() result for 0.49999999999999994).
     (timwolla)
+  . Fix GH-12252 (round(): Validate the rounding mode). (timwolla)
 
 <<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
diff --git a/UPGRADING b/UPGRADING
index 630b5143f19..dcde7e1e4fb 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -58,6 +58,9 @@ PHP 8.4 UPGRADE NOTES
     would have resulted in 1.0 instead of the correct result 0.0. Additional
     inputs might also be affected and result in different outputs compared to
     earlier PHP versions.
+  . round() now validates the value of the $mode parameter and throws a ValueError
+    for invalid modes. Previously invalid modes would have been interpreted as
+    PHP_ROUND_HALF_UP.
 
 ========================================
 6. New Functions
diff --git a/ext/standard/math.c b/ext/standard/math.c
index 05f2252e304..6b16b0755f6 100644
--- a/ext/standard/math.c
+++ b/ext/standard/math.c
@@ -335,6 +335,17 @@ PHP_FUNCTION(round)
 		}
 	}
 
+	switch (mode) {
+		case PHP_ROUND_HALF_UP:
+		case PHP_ROUND_HALF_DOWN:
+		case PHP_ROUND_HALF_EVEN:
+		case PHP_ROUND_HALF_ODD:
+			break;
+		default:
+			zend_argument_value_error(3, "must be a valid rounding mode (PHP_ROUND_*)");
+			RETURN_THROWS();
+	}
+
 	switch (Z_TYPE_P(value)) {
 		case IS_LONG:
 			/* Simple case - long that doesn't need to be rounded. */
diff --git a/ext/standard/tests/math/round_valid_rounding_mode.phpt b/ext/standard/tests/math/round_valid_rounding_mode.phpt
new file mode 100644
index 00000000000..d61bc6356e1
--- /dev/null
+++ b/ext/standard/tests/math/round_valid_rounding_mode.phpt
@@ -0,0 +1,12 @@
+--TEST--
+round() rejects invalid rounding modes.
+--FILE--
+<?php
+try {
+    var_dump(round(1.5, mode: 1234));
+} catch (ValueError $e) {
+    echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+round(): Argument #3 ($mode) must be a valid rounding mode (PHP_ROUND_*)