diff --git a/ext/standard/file.c b/ext/standard/file.c
index d05d63bc4f0fe..5a1fa2cec9364 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1895,8 +1895,8 @@ PHP_FUNCTION(fgetcsv)
 if (len_is_null || len == 0) {
 len = -1;
- } else if (len < 0) {
- zend_argument_value_error(2, "must be a greater than or equal to 0");
+ } else if (len < 0 || len > (ZEND_LONG_MAX - 1)) {
+ zend_argument_value_error(2, "must be between 0 and " ZEND_LONG_FMT, (ZEND_LONG_MAX - 1));
 RETURN_THROWS();
 }
diff --git a/ext/standard/tests/file/fgetcsv_error_conditions.phpt b/ext/standard/tests/file/fgetcsv_error_conditions.phpt
index 9bb090246a539..cd07ece97ebde 100644
--- a/ext/standard/tests/file/fgetcsv_error_conditions.phpt
+++ b/ext/standard/tests/file/fgetcsv_error_conditions.phpt
@@ -48,11 +48,11 @@ try {
 echo $e->getMessage() . \PHP_EOL;
 }
 ?>
---EXPECT--
+--EXPECTF--
 fgetcsv() with negative length
-fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0
-fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0
-fgetcsv(): Argument #2 ($length) must be a greater than or equal to 0
+fgetcsv(): Argument #2 ($length) must be between 0 and %d
+fgetcsv(): Argument #2 ($length) must be between 0 and %d
+fgetcsv(): Argument #2 ($length) must be between 0 and %d
 fgetcsv() with delimiter as empty string
 fgetcsv(): Argument #3 ($separator) must be a single character
 fgetcsv() with enclosure as empty string
diff --git a/ext/standard/tests/file/gh15653.phpt b/ext/standard/tests/file/gh15653.phpt
new file mode 100644
index 0000000000000..2391dee959d42
--- /dev/null
+++ b/ext/standard/tests/file/gh15653.phpt
@@ -0,0 +1,22 @@
+--TEST--
+GH-15653 (fgetcsv overflow on length argument)
+--FILE--
+getMessage() . PHP_EOL;
+}
+
+fgetcsv($fp, PHP_INT_MAX-1);
+--CLEAN--
+
+--EXPECTF--
+fgetcsv(): Argument #2 ($length) must be between 0 and %d
+%A
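Review bot: The bound `ZEND_LONG_MAX - 1` in the new `else if` is spelled out twice with nothing saying what it protects; the test title (GH-15653, overflow on length argument) suggests a `len + 1` computed later in this function, but that code is outside the hunk, so this is an inference. A comment above the check would keep the constant from being "simplified" later, for example `/* len + 1 is used below as the buffer size; reject the one value where that addition overflows */`. The check guards only the arithmetic: every length up to the bound still passes validation, so a script that forwards a caller-influenced `$length` is presumably limited only by the memory limit, which is worth saying in the same comment. PHP_FUNCTION(fgetcsv) starts and ends outside the hunk.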
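Review bot: The trailing `%A` in `--EXPECTF--` of gh15653.phpt accepts whatever the second call, `fgetcsv($fp, PHP_INT_MAX-1)`, prints, so the test does not pin the behaviour at the largest accepted length and would keep passing if that path began emitting a different error. If the intended outcome is a memory-limit fatal error (an assumption, the expected text is not on the page), fixing `memory_limit` in an `--INI--` section and matching `Fatal error: Allowed memory size of %d bytes exhausted%A` would make the expectation explicit. A one-line comment before the second call saying which outcome `%A` stands in for would help either way. Part of the `--FILE--` section is missing from this rendering of the diff, so the setup of `$fp` and the first call could not be reviewed.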