From 292e936ca893744f0b6828183cf6699aaef9e727 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sat, 6 Jul 2024 14:09:50 +0200
Subject: [PATCH] Handle invalid values better in PHP_XML_OPTION_SKIP_TAGSTART
---
 ext/xml/xml.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/ext/xml/xml.c b/ext/xml/xml.c
index 85ac06739ac01..6f5919600fafd 100644
--- a/ext/xml/xml.c
+++ b/ext/xml/xml.c
@@ -1507,18 +1507,19 @@ PHP_FUNCTION(xml_parser_set_option)
 parser->parsehuge = zend_is_true(value);
 break;
 /* Integer option */
- case PHP_XML_OPTION_SKIP_TAGSTART:
+ case PHP_XML_OPTION_SKIP_TAGSTART: {
 /* The tag start offset is stored in an int */
 /* TODO Improve handling of values? */
- parser->toffset = zval_get_long(value);
- if (parser->toffset < 0) {
+ zend_long value_long = zval_get_long(value);
+ if (value_long < 0 || value_long > INT_MAX) {
 /* TODO Promote to ValueError in PHP 9.0 */
 php_error_docref(NULL, E_WARNING, "Argument #3 ($value) must be between 0 and %d"
- " for option XML_OPTION_SKIP_TAGSTART", INT_MAX);
- parser->toffset = 0;
+ " for option XML_OPTION_SKIP_TAGSTART", INT_MAX);
 RETURN_FALSE;
 }
+ parser->toffset = (int) value_long;
 break;
+ }
 /* String option */
 case PHP_XML_OPTION_TARGET_ENCODING: {
 const xml_encoding *enc;
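Review bot: The context comment `/* TODO Improve handling of values? */` stays above the new range check even though this change is what improves the handling, so it should be dropped or replaced with the reason for the check, e.g. `/* Reject out-of-range values before narrowing zend_long to int */`. On builds where `zend_long` and `int` have the same width, `value_long > INT_MAX` is always false and may draw a tautological-comparison warning; `ZEND_LONG_INT_OVFL(value_long)` from `zend_range_check.h` expresses the same check and compiles away there. The rejected path now leaves the previous `parser->toffset` in place instead of resetting it to 0, which looks intentional for a call that returns false, but the diffstat shows only `ext/xml/xml.c` changed, so a regression test covering a negative value and one above `INT_MAX` would pin that behaviour. The enclosing `switch` in `xml_parser_set_option` starts and ends outside the hunk, and how `toffset` is bounded against the tag-name length where it is consumed is not visible here.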