From 387c0de98312d576868bf45e8c7b2d4f2ab3c738 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 23 Jul 2021 12:43:03 +0200
Subject: [PATCH] Fix #81283: shmop can't read beyond 2147483647 bytes

`start`, `count` and `shmop->size` are `zend_long`, so we must not
restrict to `INT_MAX`.

Closes GH-7301.
---
 NEWS              | 3 +++
 ext/shmop/shmop.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 31025c18c60..f4a16fe24b0 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ PHP                                                                        NEWS
 - CGI:
   . Fixed bug #80849 (HTTP Status header truncation). (cmb)
 
+- Shmop:
+  . Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita)
+
 - Standard:
   . Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
   . Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
diff --git a/ext/shmop/shmop.c b/ext/shmop/shmop.c
index 07414f2bca7..78f109df42a 100644
--- a/ext/shmop/shmop.c
+++ b/ext/shmop/shmop.c
@@ -251,7 +251,7 @@ PHP_FUNCTION(shmop_read)
 		RETURN_FALSE;
 	}
 
-	if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
+	if (count < 0 || start > (ZEND_LONG_MAX - count) || start + count > shmop->size) {
 		php_error_docref(NULL, E_WARNING, "count is out of range");
 		RETURN_FALSE;
 	}