Fix GH-17921 socket_read/socket_recv overflows on buffer size.

update the existing checks to be more straightforward instead of
counting on undefined behavior.

Author: devnexen

ext/sockets/sockets.c

@@ -884,7 +884,7 @@ PHP_FUNCTION(socket_read)
 	ENSURE_SOCKET_VALID(php_sock);
 
 	/* overflow check */
-	if ((length + 1) < 2) {
+	if (length <= 0 || length > ZSTR_MAX_LEN) {
 		RETURN_FALSE;
 	}
 
@@ -1326,7 +1326,7 @@ PHP_FUNCTION(socket_recv)
 	ENSURE_SOCKET_VALID(php_sock);
 
 	/* overflow check */
-	if ((len + 1) < 2) {
+	if (len <= 0 || len > ZSTR_MAX_LEN) {
 		RETURN_FALSE;
 	}
 
@@ -1411,7 +1411,7 @@ PHP_FUNCTION(socket_recvfrom)
 	/* overflow check */
 	/* Shouldthrow ? */
 
-	if (arg3 <= 0 || arg3 > ZEND_LONG_MAX - 1) {
+	if (arg3 <= 0 || arg3 > ZSTR_MAX_LEN - 1) {
 		RETURN_FALSE;
 	}
 

ext/sockets/tests/gh17921.phpt

@@ -0,0 +1,18 @@
+--TEST--
+GH-16267 - overflow on socket_strerror argument
+--EXTENSIONS--
+sockets
+--FILE--
+<?php
+$s_c_l = socket_create_listen(0);
+var_dump(socket_read($s_c_l, PHP_INT_MAX));
+var_dump(socket_read($s_c_l, PHP_INT_MIN));
+$a = "";
+var_dump(socket_recv($s_c_l, $a, PHP_INT_MAX, 0));
+var_dump(socket_recv($s_c_l, $a, PHP_INT_MIN, 0));
+?>
+--EXPECT--
+bool(false)
+bool(false)
+bool(false)
+bool(false)