From d36109bd71c71f48b3fe8f5f815fb1dc47aa625f Mon Sep 17 00:00:00 2001
From: Gina Peter Banyard <girgias@php.net>
Date: Mon, 13 Oct 2025 14:24:51 +0100
Subject: [PATCH] ext/phar: use size_t type instead of int

---
 NEWS              | 2 ++
 ext/phar/phar.c   | 2 +-
 ext/phar/stream.c | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 9c97a52402a72..9c0be9d18a3ab 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,8 @@ PHP                                                                        NEWS
   . Fix file descriptor/memory leak when opening central fp fails. (nielsdos)
   . Fix memleak+UAF when opening temp stream in buildFromDirectory() fails.
     (nielsdos)
+  . Fix potential buffer length truncation due to usage of type int instead
+    of type size_t. (Girgias)
 
 - Random:
   . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos)
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index ab5460887c3fe..b7baf9e69ce4f 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -1590,7 +1590,7 @@ int phar_open_from_filename(char *fname, size_t fname_len, char *alias, size_t a
 }
 /* }}}*/
 
-static inline char *phar_strnstr(const char *buf, int buf_len, const char *search, int search_len) /* {{{ */
+static inline char *phar_strnstr(const char *buf, size_t buf_len, const char *search, size_t search_len) /* {{{ */
 {
 	const char *c;
 	ptrdiff_t so_far = 0;
diff --git a/ext/phar/stream.c b/ext/phar/stream.c
index e68f07bddd0ca..a0049f9a6b1f0 100644
--- a/ext/phar/stream.c
+++ b/ext/phar/stream.c
@@ -673,7 +673,7 @@ static int phar_wrapper_unlink(php_stream_wrapper *wrapper, const char *url, int
 {
 	php_url *resource;
 	char *internal_file, *error;
-	int internal_file_len;
+	size_t internal_file_len;
 	phar_entry_data *idata;
 	phar_archive_data *pphar;
 	uint32_t host_len;