From f4d2dd038b5f926f98d03c4c974b3c7cb06c8532 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sat, 5 Oct 2024 07:13:40 +0100
Subject: [PATCH] Fix GH-16231 jdtounix overflow on argument value.

Close GH-16240
---
 NEWS                            |  3 +++
 ext/calendar/cal_unix.c         |  6 +++---
 ext/calendar/tests/gh16231.phpt | 21 +++++++++++++++++++++
 3 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 ext/calendar/tests/gh16231.phpt

diff --git a/NEWS b/NEWS
index d492c976184..b005320f61d 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.25
 
+- Calendar:
+  . Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
+
 - CLI:
   . Fixed bug GH-16137: duplicate http headers when set several times by
     the client. (David Carlier)
diff --git a/ext/calendar/cal_unix.c b/ext/calendar/cal_unix.c
index 78a08fdef0a..c3fe5557d24 100644
--- a/ext/calendar/cal_unix.c
+++ b/ext/calendar/cal_unix.c
@@ -60,13 +60,13 @@ PHP_FUNCTION(jdtounix)
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &uday) == FAILURE) {
 		RETURN_THROWS();
 	}
-	uday -= 2440588 /* J.D. of 1.1.1970 */;
-
-	if (uday < 0 || uday > ZEND_LONG_MAX / SECS_PER_DAY) { /* before beginning of unix epoch or greater than representable */
+	if (uday < 2440588 || (uday - 2440588) > (ZEND_LONG_MAX / SECS_PER_DAY)) { /* before beginning of unix epoch or greater than representable */
 		zend_value_error("jday must be between 2440588 and " ZEND_LONG_FMT, ZEND_LONG_MAX / SECS_PER_DAY + 2440588);
 		RETURN_THROWS();
 	}
 
+	uday -= 2440588 /* J.D. of 1.1.1970 */;
+
 	RETURN_LONG(uday * SECS_PER_DAY);
 }
 /* }}} */
diff --git a/ext/calendar/tests/gh16231.phpt b/ext/calendar/tests/gh16231.phpt
new file mode 100644
index 00000000000..89b09dd3f63
--- /dev/null
+++ b/ext/calendar/tests/gh16231.phpt
@@ -0,0 +1,21 @@
+--TEST--
+GH-16231 (jdtounix argument overflow)
+--EXTENSIONS--
+calendar
+--FILE--
+<?php
+try {
+	jdtounix(PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+
+try {
+	jdtounix(240587);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECTF--
+jday must be between 2440588 and %d
+jday must be between 2440588 and %d