fix: return FAILURE on overflow

jorgsowa · jorgsowa · commit 83991b6530da · 2026-04-14T23:36:45.000+02:00
diff --git a/ext/session/session.c b/ext/session/session.c
@@ -713,19 +713,13 @@ static PHP_INI_MH(OnUpdateCookieLifetime)
 		if (oflow != 0) {
 			php_error_docref(NULL, E_WARNING, "session.cookie_lifetime must be between 0 and " ZEND_LONG_FMT, maxcookie);
 		} else {
-			php_error_docref(NULL, E_WARNING, "session.cookie_lifetime must be an integer");
+			php_error_docref(NULL, E_WARNING, "session.cookie_lifetime must be of type int");
 		}
 		return FAILURE;
 	}
-	if (lval < 0) {
+	if (lval < 0 || lval > maxcookie) {
 		php_error_docref(NULL, E_WARNING, "session.cookie_lifetime must be between 0 and " ZEND_LONG_FMT, maxcookie);
 		return FAILURE;
-	} else if (lval > maxcookie) {
-		php_error_docref(NULL, E_WARNING, "session.cookie_lifetime must be between 0 and " ZEND_LONG_FMT ", value clamped to maximum", maxcookie);
-		zend_long *p = ZEND_INI_GET_ADDR();
-		*p = maxcookie;
-		entry->value = zend_long_to_str(maxcookie);
-		return SUCCESS;
 	}
 
 	return OnUpdateLongGEZero(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage);
diff --git a/ext/session/tests/gh16290.phpt b/ext/session/tests/gh16290.phpt
@@ -12,5 +12,5 @@ echo "DONE";
 ob_end_flush();
 ?>
 --EXPECTF--
-Warning: session_set_cookie_params(): session.cookie_lifetime must be between 0 and %d, value clamped to maximum in %s on line %d
+Warning: session_set_cookie_params(): session.cookie_lifetime must be between 0 and %d in %s on line %d
 DONE
diff --git a/ext/session/tests/session_cookie_lifetime_invalid.phpt b/ext/session/tests/session_cookie_lifetime_invalid.phpt
@@ -1,5 +1,5 @@
 --TEST--
-session.cookie_lifetime rejects non-integer values
+session.cookie_lifetime rejects invalid values
 --EXTENSIONS--
 session
 --SKIPIF--
@@ -27,17 +27,29 @@ var_dump(ini_get("session.cookie_lifetime"));
 ini_set("session.cookie_lifetime", "-99999999999999999999");
 var_dump(ini_get("session.cookie_lifetime"));
 
+// Overflow values are rejected
+ini_set("session.cookie_lifetime", PHP_INT_MAX);
+var_dump(ini_get("session.cookie_lifetime"));
+
+// Valid values still work after rejection
+ini_set("session.cookie_lifetime", 200);
+var_dump(ini_get("session.cookie_lifetime"));
+
 ob_end_flush();
 ?>
 --EXPECTF--
-Warning: ini_set(): session.cookie_lifetime must be an integer in %s on line %d
+Warning: ini_set(): session.cookie_lifetime must be of type int in %s on line %d
 string(3) "100"
 
-Warning: ini_set(): session.cookie_lifetime must be an integer in %s on line %d
+Warning: ini_set(): session.cookie_lifetime must be of type int in %s on line %d
+string(3) "100"
+
+Warning: ini_set(): session.cookie_lifetime must be between 0 and %d in %s on line %d
 string(3) "100"
 
 Warning: ini_set(): session.cookie_lifetime must be between 0 and %d in %s on line %d
 string(3) "100"
 
 Warning: ini_set(): session.cookie_lifetime must be between 0 and %d in %s on line %d
 string(3) "100"
+string(3) "200"
diff --git a/ext/session/tests/session_cookie_lifetime_overflow.phpt b/ext/session/tests/session_cookie_lifetime_overflow.phpt
