From 122bd9d6a2efc67299fef98283a21582a7da1ccd Mon Sep 17 00:00:00 2001
From: Saki Takamachi
Date: Fri, 29 Nov 2024 16:45:34 +0900
Subject: [PATCH] Fixed GH-16978: Avoid unnecessary padding with leading zeros

Fixed an issue where leading zeros were padded beyond the allocated memory.
---
 ext/bcmath/libbcmath/src/div.c | 1 +
 ext/bcmath/tests/gh16978.phpt | 12 ++++++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 ext/bcmath/tests/gh16978.phpt

diff --git a/ext/bcmath/libbcmath/src/div.c b/ext/bcmath/libbcmath/src/div.c
index 9c8344fe771a8..e9377fcfc4279 100644
--- a/ext/bcmath/libbcmath/src/div.c
+++ b/ext/bcmath/libbcmath/src/div.c
@@ -436,6 +436,7 @@ bool bc_divide(bc_num numerator, bc_num divisor, bc_num *quot, size_t scale)
 numerator_bottom_extension = 0;
 numeratorend -= scale_diff > numerator_top_extension ? scale_diff - numerator_top_extension : 0;
 }
+ numerator_top_extension = MIN(numerator_top_extension, scale);
 } else {
 numerator_bottom_extension += scale - numerator_scale;
 }
diff --git a/ext/bcmath/tests/gh16978.phpt b/ext/bcmath/tests/gh16978.phpt
new file mode 100644
index 0000000000000..4bb19a9be6bbe
--- /dev/null
+++ b/ext/bcmath/tests/gh16978.phpt
@@ -0,0 +1,12 @@
+--TEST--
+GH-16978 Stack buffer overflow ext/bcmath/libbcmath/src/div.c:464:12 in bc_divide
+--EXTENSIONS--
+bcmath
+--FILE--
+
+--EXPECT--
+0.0000000000
+0.0
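Review bot: In the div.c hunk, the added clamp `numerator_top_extension = MIN(numerator_top_extension, scale);` has no comment, although per the commit message it is the line that keeps the leading-zero padding inside the allocated memory. A why-comment would stop a later refactor from dropping it as redundant arithmetic, for example `/* GH-16978: cap leading-zero padding at scale so the padded numerator never exceeds its buffer */`. The clamp is applied only in the first branch; the `else` branch leaves `numerator_top_extension` as it was, and whether the value is already bounded on that path cannot be seen from the hunk, so it is worth confirming. Because the bound is enforced far from the write that the test title places at div.c:464, a debug-build assertion at the padding site comparing the padded length against the allocation size would catch a regression earlier. The body of bc_divide starts and ends outside this hunk.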