From 429af3cbe00bb711f86652abd62deccecf642927 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 1 Apr 2025 18:58:31 +0100
Subject: [PATCH] Fix GH-18212: fseek with SEEK_CUR and negative offset crash
 on debug

Triggers the assertion as with SEEK_CUR the stream position is set to a
negative value so we force the failure without affecting its position
instead.

close GH-18224
---
 ext/standard/tests/file/gh18212.phpt            | 13 +++++++++++++
 ext/standard/tests/file/stream_rfc2397_007.phpt |  2 +-
 main/streams/streams.c                          |  4 ++++
 3 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/file/gh18212.phpt

diff --git a/ext/standard/tests/file/gh18212.phpt b/ext/standard/tests/file/gh18212.phpt
new file mode 100644
index 0000000000000..6e4d8ad9bd328
--- /dev/null
+++ b/ext/standard/tests/file/gh18212.phpt
@@ -0,0 +1,13 @@
+--TEST--
+GH-18212: fseek with SEEK_CUR and negative offset leads to negative file stream position.
+--FILE--
+<?php
+$fp = fopen('php://input', 'r+');
+var_dump(fseek($fp, -1, SEEK_SET));
+var_dump(fseek($fp, -32, SEEK_CUR));
+fclose($fp);
+?>
+--EXPECT--
+int(-1)
+int(-1)
+
diff --git a/ext/standard/tests/file/stream_rfc2397_007.phpt b/ext/standard/tests/file/stream_rfc2397_007.phpt
index dcbe5beeb3dc9..49a037e855fbd 100644
--- a/ext/standard/tests/file/stream_rfc2397_007.phpt
+++ b/ext/standard/tests/file/stream_rfc2397_007.phpt
@@ -118,7 +118,7 @@ int(2)
 bool(false)
 ===S:-10,C===
 int(-1)
-bool(false)
+int(2)
 bool(false)
 ===S:3,S===
 int(0)
diff --git a/main/streams/streams.c b/main/streams/streams.c
index 7a5dc2a58aaf1..4e0aaa53b443e 100644
--- a/main/streams/streams.c
+++ b/main/streams/streams.c
@@ -1390,6 +1390,10 @@ PHPAPI int _php_stream_seek(php_stream *stream, zend_off_t offset, int whence)
 				}
  				whence = SEEK_SET;
 				break;
+			case SEEK_SET:
+				if (offset < 0) {
+					return -1;
+				}
 		}
 		ret = stream->ops->seek(stream, offset, whence, &stream->position);