From 5ca72eca8e0b11a2a94aa2e1069114f451b62552 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Wed, 3 Apr 2024 18:15:56 +0200
Subject: [PATCH] Remove broken check in var_unserializer (#13852)

`end = *p+maxlen`, and pointer overflow is UB, so that means that a check of the form `end < *p` will always be false because it can only be true on pointer overflow. In particular, the compiler simplifies this to `maxlen < 0` which is always false because maxlen is unsigned.
---
 ext/standard/var_unserializer.re | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index a050fb5f74a..d16566a073f 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -326,11 +326,6 @@ static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t
 	zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
 	unsigned char *end = *(unsigned char **)p+maxlen;
 
-	if (end < *p) {
-		zend_string_efree(str);
-		return NULL;
-	}
-
 	for (i = 0; i < len; i++) {
 		if (*p >= end) {
 			zend_string_efree(str);
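Review bot: With the dead `end < *p` check gone, `end = *(unsigned char **)p+maxlen` is the only bound the loop's `*p >= end` test relies on, and nothing in this function validates `maxlen` against the actual input buffer; that precondition now lives entirely in the caller and should be stated where `end` is computed, e.g. `/* Caller guarantees *p + maxlen lies within the input buffer; it is the sole read bound for the loop below. */`. If, as the `i < len` loop suggests, every output byte consumes at least one input byte, `if (len > maxlen) { zend_string_efree(str); return NULL; }` before the loop would be a well-defined integer-comparison early reject to replace the pointer-overflow one that was removed, but that depends on the loop body outside the hunk. The body of unserialize_str continues past the end of the hunk.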