From 3e7710c97d54d19544af000f1375910fe92d4459 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@tideways-gmbh.com>
Date: Wed, 10 Dec 2025 12:12:31 +0100
Subject: [PATCH] lexbor: Cherry pick "URL: fixed "heap-buffer-overflow" for
 scheme is "file"."

see lexbor/lexbor@65435d3e4008d0f29e7b52a100a39fbed298a171

Fixes php/php-src#20668
---
 NEWS                        | 3 +++
 ext/lexbor/lexbor/url/url.c | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 947abfeaad5..1833ce6f9ca 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,9 @@ PHP                                                                        NEWS
 - LDAP:
   . Fix memory leak in ldap_set_options(). (ndossche)
 
+- Lexbor:
+  . Fixed bug GH-20668 (\Uri\WhatWg\Url::withHost() crashes (SEGV) for URLs
+    using the file: scheme). (lexborisov)
 
 18 Dec 2025, PHP 8.5.1
 
diff --git a/ext/lexbor/lexbor/url/url.c b/ext/lexbor/lexbor/url/url.c
index 3483013eeaa..0eef7a6deba 100644
--- a/ext/lexbor/lexbor/url/url.c
+++ b/ext/lexbor/lexbor/url/url.c
@@ -1817,7 +1817,6 @@ again:
         if (override_state != LXB_URL_STATE__UNDEF
             && url->scheme.type == LXB_URL_SCHEMEL_TYPE_FILE)
         {
-            p -= 1;
             state = LXB_URL_STATE_FILE_HOST_STATE;
             goto again;
         }