Commit dc9e21b81c1 for php.net

commit dc9e21b81c143faa9677bb0cf157e83960a24d0d
Merge: f5d445e7adc 398b7dabfbd
Author: Ilija Tovilo <ilija.tovilo@me.com>
Date:   Wed May 6 13:09:23 2026 +0200

    GHSA-m8rr-4c36-8gq4: Consistently pass unsigned char to ctype.h functions

    Fixes GHSA-m8rr-4c36-8gq4
    Fixes CVE-2026-7258

diff --cc ext/gmp/gmp.c
index 420497d2693,8747a2237e7..fe7ecf8f8e2
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@@ -651,13 -647,7 +651,13 @@@ static zend_result convert_zstr_to_gmp(
  	const char *num_str = ZSTR_VAL(val);
  	bool skip_lead = false;

 -	if (ZSTR_LEN(val) >= 2 && num_str[0] == '0') {
 +	size_t num_len = ZSTR_LEN(val);
- 	while (isspace(*num_str)) {
++	while (isspace((unsigned char)*num_str)) {
 +		++num_str;
 +		--num_len;
 +	}
 +
 +	if (num_len >= 2 && num_str[0] == '0') {
  		if ((base == 0 || base == 16) && (num_str[1] == 'x' || num_str[1] == 'X')) {
  			base = 16;
  			skip_lead = true;