Commit 411c0de215f for php.net

commit 411c0de215f88856925e3a9af07c0ca909e967be
Merge: 0842621234f 47def8ce1db
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date:   Wed May 6 13:06:36 2026 +0200

    Merge branch 'PHP-8.2' into PHP-8.3

    * PHP-8.2:
      GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset

diff --cc ext/standard/metaphone.c
index 149f95c127c,7affde44de1..9bddc996690
--- a/ext/standard/metaphone.c
+++ b/ext/standard/metaphone.c
@@@ -128,9 -117,10 +128,9 @@@ static zend_always_inline char encode(c

  /* Allows us to safely look ahead an arbitrary # of letters */
  /* I probably could have just used strlen... */
- static char Lookahead(char *word, int how_far)
+ static char Lookahead(char *word, size_t how_far)
  {
- 	int idx;
 -	char letter_ahead = '\0';	/* null by default */
+ 	size_t idx;
  	for (idx = 0; word[idx] != '\0' && idx < how_far; idx++);
  	/* Edge forward in the string... */

@@@ -170,10 -161,9 +170,10 @@@
  /* {{{ metaphone */
  static void metaphone(unsigned char *word, size_t word_len, zend_long max_phonemes, zend_string **phoned_word, int traditional)
  {
- 	int w_idx = 0;				/* point in the phonization we're at. */
+ 	size_t w_idx = 0;				/* point in the phonization we're at. */
  	size_t p_idx = 0;				/* end of the phoned phrase */
  	size_t max_buffer_len = 0;		/* maximum length of the destination buffer */
 +	char curr_letter;
  	ZEND_ASSERT(word != NULL);
  	ZEND_ASSERT(max_phonemes >= 0);