From 62074d45b965af2b77c4e3bba9ad2d0f43ac6d5d Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 31 Mar 2024 14:14:05 +0200
Subject: [PATCH] Remove broken check in var_unserializer

`end = *p+maxlen`, and pointer overflow is UB, so that means that a check of the form `end < *p` will always be false because it can only be true on pointer overflow. In particular, the compiler simplifies this to `maxlen < 0` which is always false because maxlen is unsigned.
---
 ext/standard/var_unserializer.re | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
index a050fb5f74a70..d16566a073ff1 100644
--- a/ext/standard/var_unserializer.re
+++ b/ext/standard/var_unserializer.re
@@ -326,11 +326,6 @@ static zend_string *unserialize_str(const unsigned char **p, size_t len, size_t
 	zend_string *str = zend_string_safe_alloc(1, len, 0, 0);
 	unsigned char *end = *(unsigned char **)p+maxlen;
 
-	if (end < *p) {
-		zend_string_efree(str);
-		return NULL;
-	}
-
 	for (i = 0; i < len; i++) {
 		if (*p >= end) {
 			zend_string_efree(str);
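Review bot: With the dead `end < *p` guard gone, the bound `end = *(unsigned char **)p+maxlen` on the second context line is trusted without comment, and the loop's `*p >= end` test is only a real bound if the caller already guarantees that `*p + maxlen` stays within the input buffer (presumably maxlen is derived from the buffer's remaining length, but that is not visible in the hunk). Since the removed check never provided that guarantee either, I would record the invariant where `end` is computed: `/* end is only a meaningful bound when the caller ensures *p + maxlen does not exceed the input buffer; an out-of-range maxlen is UB here, not a detectable overflow, so it must be rejected upstream */`. unserialize_str begins and ends outside this hunk.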