Fixed GH-16978: Avoid unnecessary padding with leading zeros (#16988)

Fixed an issue where leading zeros were padded beyond the allocated memory.

fixes #16978
closes #16988

Author: SakiTakamachi

NEWS

@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.4.2
 
+- BcMath:
+  . Fixed bug GH-16978 (Avoid unnecessary padding with leading zeros)
+    (Saki Takamachi)
+
 - Core:
   . Fixed bug GH-16344 (setRawValueWithoutLazyInitialization() and
     skipLazyInitialization() may change initialized proxy). (Arnaud)

ext/bcmath/libbcmath/src/div.c

@@ -436,6 +436,7 @@ bool bc_divide(bc_num numerator, bc_num divisor, bc_num *quot, size_t scale)
 			numerator_bottom_extension = 0;
 			numeratorend -= scale_diff > numerator_top_extension ? scale_diff - numerator_top_extension : 0;
 		}
+		numerator_top_extension = MIN(numerator_top_extension, scale);
 	} else {
 		numerator_bottom_extension += scale - numerator_scale;
 	}

ext/bcmath/tests/gh16978.phpt

@@ -0,0 +1,12 @@
+--TEST--
+GH-16978 Stack buffer overflow ext/bcmath/libbcmath/src/div.c:464:12 in bc_divide
+--EXTENSIONS--
+bcmath
+--FILE--
+<?php
+echo bcpow('10', '-112', 10) . "\n";
+echo bcdiv('1', '10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000', 1);
+?>
+--EXPECT--
+0.0000000000
+0.0