diff --git a/NEWS b/NEWS index 60eea27dd42..85f4638ba7d 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ PHP NEWS - Calendar: . Fixed GH-16240: jdtounix overflow on argument value. (David Carlier) + . Fixed GH-16241: easter_days/easter_date overflow on year argument. + (David Carlier) - CLI: . Fixed bug GH-16137: duplicate http headers when set several times by diff --git a/ext/calendar/easter.c b/ext/calendar/easter.c index d6ff54fa0f6..84eb9ea12a8 100644 --- a/ext/calendar/easter.c +++ b/ext/calendar/easter.c @@ -33,6 +33,7 @@ static void _cal_easter(INTERNAL_FUNCTION_PARAMETERS, bool gm) struct tm te; zend_long year, golden, solar, lunar, pfm, dom, tmp, easter, result; zend_long method = CAL_EASTER_DEFAULT; + const zend_long max_year = ZEND_LONG_MAX / 1.25; bool year_is_null = 1; if (zend_parse_parameters(ZEND_NUM_ARGS(), @@ -53,6 +54,11 @@ static void _cal_easter(INTERNAL_FUNCTION_PARAMETERS, bool gm) } } + if (year <= 0 || year > max_year) { + zend_argument_value_error(1, "must be between 1 and " ZEND_LONG_FMT, max_year); + RETURN_THROWS(); + } + #ifdef ZEND_ENABLE_ZVAL_LONG64 /* Compiling for 64bit, allow years between 1970 and 2.000.000.000 */ if (gm && year < 1970) { diff --git a/ext/calendar/tests/gh16228.phpt b/ext/calendar/tests/gh16228.phpt new file mode 100644 index 00000000000..9ce80688195 --- /dev/null +++ b/ext/calendar/tests/gh16228.phpt @@ -0,0 +1,26 @@ +--TEST-- +GH-16228 (easter_days, Overflow on year argument) +--EXTENSIONS-- +calendar +--FILE-- +getMessage() . PHP_EOL; +} +try { + easter_days(-1, 0); +} catch (\ValueError $e) { + echo $e->getMessage() . PHP_EOL; +} +try { + easter_date(PHP_INT_MAX, 0); +} catch (\ValueError $e) { + echo $e->getMessage() . PHP_EOL; +} +?> +--EXPECTF-- +easter_days(): Argument #1 ($year) must be between 1 and %d +easter_days(): Argument #1 ($year) must be between 1 and %d +easter_date(): Argument #1 ($year) must be between 1 and %d