From e25a1dccac9cbed2cb8d8860519e2ab49e25d30a Mon Sep 17 00:00:00 2001
From: Antony Dovgal <tony2001@php.net>
Date: Wed, 5 Apr 2006 11:36:13 +0000
Subject: fix #36944 (strncmp & strncasecmp do not return false on negative
 string length)

---
 Zend/zend_builtin_functions.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'Zend/zend_builtin_functions.c')

diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
index 07e5bf6ad1..f4a432d028 100644
--- a/Zend/zend_builtin_functions.c
+++ b/Zend/zend_builtin_functions.c
@@ -314,6 +314,12 @@ ZEND_FUNCTION(strncmp)
 	convert_to_string_ex(s1);
 	convert_to_string_ex(s2);
 	convert_to_long_ex(s3);
+
+	if (Z_LVAL_PP(s3) < 0) {
+		zend_error(E_WARNING, "Length must be greater than or equal to 0");
+		RETURN_FALSE;
+	}
+	
 	RETURN_LONG(zend_binary_zval_strncmp(*s1, *s2, *s3));
 }
 /* }}} */
@@ -347,6 +353,12 @@ ZEND_FUNCTION(strncasecmp)
 	convert_to_string_ex(s1);
 	convert_to_string_ex(s2);
 	convert_to_long_ex(s3);
+
+	if (Z_LVAL_PP(s3) < 0) {
+		zend_error(E_WARNING, "Length must be greater than or equal to 0");
+		RETURN_FALSE;
+	}
+
 	RETURN_LONG(zend_binary_zval_strncasecmp(*s1, *s2, *s3));
 }
 /* }}} */
-- 
cgit v1.2.1