Fix GH-16234 jewishtojd overflow on year argument.

close GH-16243

Author: devnexen

NEWS

@@ -7,6 +7,7 @@ PHP                                                                        NEWS
   . Fixed GH-16241: easter_days/easter_date overflow on year argument.
     (David Carlier)
   . Fixed GH-16263: jddayofweek overflow. (cmb)
+  . Fixed GH-16234: jewishtojd overflow. (nielsdos)
 
 - CLI:
   . Fixed bug GH-16137: duplicate http headers when set several times by

ext/calendar/jewish.c

@@ -433,16 +433,31 @@ static void MoladOfMetonicCycle(
 								   zend_long *pMoladHalakim)
 {
 	register zend_ulong r1, r2, d1, d2;
+	zend_long chk;
 
 	/* Start with the time of the first molad after creation. */
 	r1 = NEW_MOON_OF_CREATION;
+	chk = (zend_long)metonicCycle;
+
+	if (chk > (ZEND_LONG_MAX - NEW_MOON_OF_CREATION) / (HALAKIM_PER_METONIC_CYCLE & 0xFFFF)) {
+		*pMoladDay = 0;
+		*pMoladHalakim = 0;
+		return;
+	}
 
 	/* Calculate metonicCycle * HALAKIM_PER_METONIC_CYCLE.  The upper 32
 	 * bits of the result will be in r2 and the lower 16 bits will be
 	 * in r1. */
-	r1 += metonicCycle * (HALAKIM_PER_METONIC_CYCLE & 0xFFFF);
+	r1 += chk * (HALAKIM_PER_METONIC_CYCLE & 0xFFFF);
+
+	if (chk > (ZEND_LONG_MAX - (r1 >> 16)) / ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF)) {
+		*pMoladDay = 0;
+		*pMoladHalakim = 0;
+		return;
+	}
+
 	r2 = r1 >> 16;
-	r2 += metonicCycle * ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF);
+	r2 += chk * ((HALAKIM_PER_METONIC_CYCLE >> 16) & 0xFFFF);
 
 	/* Calculate r2r1 / HALAKIM_PER_DAY.  The remainder will be in r1, the
 	 * upper 16 bits of the quotient will be in d2 and the lower 16 bits

ext/calendar/tests/gh16234.phpt

@@ -0,0 +1,11 @@
+--TEST--
+GH-16234 jewishtojd overflow on year argument
+--EXTENSIONS--
+calendar
+--FILE--
+<?php
+jewishtojd(1218182888, 1, 1218182888);
+echo "DONE";
+?>
+--EXPECT--
+DONE