From fde053bb92ca8907224bbd74a5d786b07dbef52f Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sat, 5 Oct 2024 08:15:26 +0100
Subject: [PATCH] Fix GH-16235 jdtogregorian overflow

close GH-16242
---
 NEWS                            |  3 +++
 ext/calendar/gregor.c           |  6 +++++-
 ext/calendar/tests/gh16235.phpt | 11 +++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 ext/calendar/tests/gh16235.phpt

diff --git a/NEWS b/NEWS
index a66ae29990f..8d967754ee4 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.2.27
 
+- Calendar:
+  . Fixed jdtogregorian overflow. (David Carlier)
+
 - PDO:
   . Fixed memory leak of `setFetchMode()`. (SakiTakamachi)
 
diff --git a/ext/calendar/gregor.c b/ext/calendar/gregor.c
index dab12e5187d..17dc6db0e63 100644
--- a/ext/calendar/gregor.c
+++ b/ext/calendar/gregor.c
@@ -148,11 +148,15 @@ void SdnToGregorian(
 	int dayOfYear;
 
 	if (sdn <= 0 ||
-			sdn > (LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) {
+			sdn > (ZEND_LONG_MAX - 4 * GREGOR_SDN_OFFSET) / 4) {
 		goto fail;
 	}
 	temp = (sdn + GREGOR_SDN_OFFSET) * 4 - 1;
 
+	if (temp < 0 || (temp / DAYS_PER_400_YEARS) > INT_MAX) {
+		goto fail;
+	}
+
 	/* Calculate the century (year/100). */
 	century = temp / DAYS_PER_400_YEARS;
 
diff --git a/ext/calendar/tests/gh16235.phpt b/ext/calendar/tests/gh16235.phpt
new file mode 100644
index 00000000000..6b885620982
--- /dev/null
+++ b/ext/calendar/tests/gh16235.phpt
@@ -0,0 +1,11 @@
+--TEST--
+GH-16235 (jdtogregorian overflow on argument)
+--EXTENSIONS--
+calendar
+--FILE--
+<?php
+jdtogregorian(536838867);
+echo "DONE";
+?>
+--EXPECT--
+DONE