php · devnexen · Oct 5, 2024 · Oct 5, 2024 · nielsdos · Oct 5, 2024
diff --git a/ext/calendar/easter.c b/ext/calendar/easter.c
@@ -48,6 +48,11 @@ static void _cal_easter(INTERNAL_FUNCTION_PARAMETERS, bool gm)
 		}
 	}
 
+	if (year < 0 || year > (ZEND_LONG_MAX - 1)) {
+		zend_argument_value_error(1, "must be between 0 and " ZEND_LONG_FMT, (ZEND_LONG_MAX - 1));
+		RETURN_THROWS();
+	}
+
 	if (gm && (year<1970 || year>2037)) {				/* out of range for timestamps */
 		zend_argument_value_error(1, "must be between 1970 and 2037 (inclusive)");
 		RETURN_THROWS();

diff --git a/ext/calendar/tests/gh16228.phpt b/ext/calendar/tests/gh16228.phpt
@@ -0,0 +1,26 @@
+--TEST--
+GH-16228 (easter_days, Overflow on year argument)
+--EXTENSIONS--
+calendar
+--FILE--
+<?php
+try {
+	easter_days(PHP_INT_MAX, 0);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	easter_days(-1, 0);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	easter_date(PHP_INT_MAX, 0);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+?>
+--EXPECTF--
+easter_days(): Argument #1 ($year) must be between 0 and %d
+easter_days(): Argument #1 ($year) must be between 0 and %d
+easter_date(): Argument #1 ($year) must be between 0 and %d