diff --git a/ext/standard/file.c b/ext/standard/file.c index 6b6b43b1fb6..11d174cd9d5 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1885,8 +1885,8 @@ PHP_FUNCTION(fgetcsv) if (len_is_null || len == 0) { len = -1; - } else if (len < 0) { - zend_argument_value_error(2, "must be a greater than or equal to 0"); + } else if (len < 0 || len > (ZEND_LONG_MAX - 1)) { + zend_argument_value_error(2, "must be between 0 and " ZEND_LONG_FMT, (ZEND_LONG_MAX - 1)); RETURN_THROWS(); } diff --git a/ext/standard/tests/file/fgetcsv_error_conditions.phpt b/ext/standard/tests/file/fgetcsv_error_conditions.phpt index 9bb090246a5..cd07ece97eb 100644 --- a/ext/standard/tests/file/fgetcsv_error_conditions.phpt +++ b/ext/standard/tests/file/fgetcsv_error_conditions.phpt @@ -48,11 +48,11 @@ try { echo $e->getMessage() . \PHP_EOL; } ?> ---EXPECT-- +--EXPECTF-- fgetcsv() with negative length -fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0 -fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0 -fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0 +fgetcsv(): Argument #2 ($length) must be between 0 and %d +fgetcsv(): Argument #2 ($length) must be between 0 and %d +fgetcsv(): Argument #2 ($length) must be between 0 and %d fgetcsv() with delimiter as empty string fgetcsv(): Argument #3 ($separator) must be a single character fgetcsv() with enclosure as empty string diff --git a/ext/standard/tests/file/gh15653.phpt b/ext/standard/tests/file/gh15653.phpt new file mode 100644 index 00000000000..2391dee959d --- /dev/null +++ b/ext/standard/tests/file/gh15653.phpt @@ -0,0 +1,22 @@ +--TEST-- +GH-15653 (fgetcsv overflow on length argument) +--FILE-- +getMessage() . PHP_EOL; +} + +fgetcsv($fp, PHP_INT_MAX-1); +--CLEAN-- + +--EXPECTF-- +fgetcsv(): Argument #2 ($length) must be between 0 and %d +%A