Fix some int/long confusion issues in GMP

mpz_setbit seems to have limit of INT_MAX * GMP_NUMB_BITS on
the number of bits supported, and will abort() if that limit
is exceeded.

2 files changed, 31 insertions, 1 deletions

diff --git a/ext/gmp/gmp.c b/ext/gmp/gmp.c
index e40f5a435c..ab0d920093 100644
--- a/ext/gmp/gmp.c
+++ b/ext/gmp/gmp.c
@@ -1628,7 +1628,7 @@ ZEND_FUNCTION(gmp_prob_prime)
 
 	FETCH_GMP_ZVAL(gmpnum_a, gmpnumber_arg, temp_a);
 
-	RETVAL_LONG(mpz_probab_prime_p(gmpnum_a, reps));
+	RETVAL_LONG(mpz_probab_prime_p(gmpnum_a, (int)reps));
 	FREE_GMP_TEMP(temp_a);
 }
 /* }}} */
@@ -1956,6 +1956,10 @@ ZEND_FUNCTION(gmp_setbit)
 		php_error_docref(NULL, E_WARNING, "Index must be greater than or equal to zero");
 		RETURN_FALSE;
 	}
+    if (index / GMP_NUMB_BITS >= INT_MAX ) {
+        php_error_docref(NULL, E_WARNING, "Index must be less than %ld * %ld", INT_MAX, GMP_NUMB_BITS);
+        RETURN_FALSE;
+    }
 
 	gmpnum_a = GET_GMP_FROM_ZVAL(a_arg);
 
diff --git a/ext/gmp/tests/gmp_setbit_long.phpt b/ext/gmp/tests/gmp_setbit_long.phpt
new file mode 100644
index 0000000000..d0d0a3d989
--- /dev/null
+++ b/ext/gmp/tests/gmp_setbit_long.phpt
@@ -0,0 +1,26 @@
+--TEST--
+gmp_setbit() with large index
+--SKIPIF--
+<?php if (!extension_loaded("gmp")) print "skip"; ?>
+<?php if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only"); ?>
+<?php if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); ?>
+--FILE--
+<?php
+
+$n = gmp_init("227200");
+for($a = 1<<30; $a > 0 && $a < 0x8000000000; $a <<= 2) {
+	$i = $a - 1;
+    printf("%X\n", $i);
+    gmp_setbit($n, $i, 1);
+}
+echo "Done\n";
+?>
+--EXPECTF--
+3FFFFFFF
+FFFFFFFF
+3FFFFFFFF
+FFFFFFFFF
+3FFFFFFFFF
+
+Warning: gmp_setbit(): Index must be less than %d * %d in %s/gmp_setbit_long.php on line %d
+Done
\ No newline at end of file