diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index 8f72164a26956..46798e7403daf 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@@ -388,7 +388,7 @@ PHP_FUNCTION(pack)
 		switch ((int) code) {
 			case 'h':
 			case 'H':
-				INC_OUTPUTPOS((arg + (arg % 2)) / 2,1)	/* 4 bit per arg */
+				INC_OUTPUTPOS((arg / 2) + (arg % 2),1)	/* 4 bit per arg */
 				break;
 
 			case 'a':
diff --git a/ext/standard/tests/strings/gh18976.phpt b/ext/standard/tests/strings/gh18976.phpt
new file mode 100644
index 0000000000000..aa58167f9d45b
--- /dev/null
+++ b/ext/standard/tests/strings/gh18976.phpt
@@ -0,0 +1,14 @@
+--TEST--
+GH-18976 (pack overflow with h/H format)
+--INI--
+memory_limit=-1
+--FILE--
+<?php
+pack('h2147483647', 1);
+pack('H2147483647', 1);
+?>
+--EXPECTF--
+
+Warning: pack(): Type h: not enough characters in string in %s on line %d
+
+Warning: pack(): Type H: not enough characters in string in %s on line %d