Merge branch 'PHP-8.3' into PHP-8.4

Author: devnexen

NEWS

@@ -100,6 +100,9 @@ PHP                                                                        NEWS
   . Fixed bug GH-15657 (Segmentation fault in dasm_x86.h). (nielsdos)
   . Added opcache_jit_blacklist() function. (Bob)
 
+- PCRE:
+  . Fixed GH-16189 (underflow on offset argument). (David Carlier)
+
 - PHPDBG:
   . Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
 

ext/pcre/php_pcre.c

@@ -1124,6 +1124,11 @@ static void php_do_pcre_match(INTERNAL_FUNCTION_PARAMETERS, bool global) /* {{{
 		RETURN_FALSE;
 	}
 
+	if (start_offset == ZEND_LONG_MIN) {
+		zend_argument_value_error(5, "must be greater than " ZEND_LONG_FMT, ZEND_LONG_MIN);
+		RETURN_THROWS();
+	}
+
 	pce->refcount++;
 	php_pcre_match_impl(pce, subject, return_value, subpats,
 		global, flags, start_offset);

ext/pcre/tests/gh16189.phpt

@@ -0,0 +1,19 @@
+--TEST--
+GH-16189 (preg_match/preg_match_all underflow on start_offset argument)
+--FILE--
+<?php
+
+try {
+	preg_match( '/<(\w+)[\s\w\-]+ id="S44_i89ew">/', '<br><div id="S44_i89ew">', $matches, 0, PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	preg_match_all( '/<(\w+)[\s\w\-]+ id="S44_i89ew">/', '<br><div id="S44_i89ew">', $matches, 0, PHP_INT_MIN);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+?>
+--EXPECTF--
+preg_match(): Argument #5 ($offset) must be greater than %s
+preg_match_all(): Argument #5 ($offset) must be greater than %s