Merge branch 'PHP-8.3' into PHP-8.4

Author: devnexen

NEWS

@@ -9,6 +9,9 @@ PHP                                                                        NEWS
     bypassable due to the environment variable collision). (CVE-2024-8927)
     (nielsdos)
 
+- Calendar:
+  . Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
+
 - CLI:
   . Fixed bug GH-16137: duplicate http headers when set several times by
     the client. (David Carlier)

ext/calendar/cal_unix.c

@@ -60,13 +60,13 @@ PHP_FUNCTION(jdtounix)
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "l", &uday) == FAILURE) {
 		RETURN_THROWS();
 	}
-	uday -= 2440588 /* J.D. of 1.1.1970 */;
-
-	if (uday < 0 || uday > ZEND_LONG_MAX / SECS_PER_DAY) { /* before beginning of unix epoch or greater than representable */
+	if (uday < 2440588 || (uday - 2440588) > (ZEND_LONG_MAX / SECS_PER_DAY)) { /* before beginning of unix epoch or greater than representable */
 		zend_value_error("jday must be between 2440588 and " ZEND_LONG_FMT, ZEND_LONG_MAX / SECS_PER_DAY + 2440588);
 		RETURN_THROWS();
 	}
 
+	uday -= 2440588 /* J.D. of 1.1.1970 */;
+
 	RETURN_LONG(uday * SECS_PER_DAY);
 }
 /* }}} */

ext/calendar/tests/gh16231.phpt

@@ -0,0 +1,21 @@
+--TEST--
+GH-16231 (jdtounix argument overflow)
+--EXTENSIONS--
+calendar
+--FILE--
+<?php
+try {
+	jdtounix(PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+
+try {
+	jdtounix(240587);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECTF--
+jday must be between 2440588 and %d
+jday must be between 2440588 and %d