From 8c1b6b938fbc38bccdad55e4124a4eca783a7549 Mon Sep 17 00:00:00 2001
From: zeriyoshi
Date: Wed, 20 Jul 2022 22:54:22 +0900
Subject: [PATCH 1/3] random: fix undefined behaviour
---
 ext/random/random.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ext/random/random.c b/ext/random/random.c
index f8a94e65ee34e..ba40833318383 100644
--- a/ext/random/random.c
+++ b/ext/random/random.c
@@ -319,13 +319,13 @@ PHPAPI zend_object *php_random_engine_common_clone_object(zend_object *object)
 /* {{{ php_random_range */
 PHPAPI zend_long php_random_range(const php_random_algo *algo, php_random_status *status, zend_long min, zend_long max)
 {
- zend_ulong umax = max - min;
+ zend_ulong umax = (zend_ulong) max - (zend_ulong) min;
 if (PHP_RANDOM_ALGO_IS_DYNAMIC(algo) || algo->generate_size > sizeof(uint32_t) || umax > UINT32_MAX) {
- return (zend_long) rand_range64(algo, status, umax) + min;
+ return (zend_long) (rand_range64(algo, status, umax) + min);
 }
- return (zend_long) rand_range32(algo, status, umax) + min;
+ return (zend_long) (rand_range32(algo, status, umax) + min);
 }
 /* }}} */
From 34dc686c2600ff5aa067f434d4046a39b7b010c2 Mon Sep 17 00:00:00 2001
From: Go Kudo
Date: Thu, 21 Jul 2022 12:39:01 +0900
Subject: [PATCH 2/3] random: remove PHP_RANDOM_ALGO_IS_DYNAMIC is only used in one place
---
 ext/random/php_random.h | 2 --
 ext/random/random.c | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/ext/random/php_random.h b/ext/random/php_random.h
index 29dbccc91831c..a33b9779cd994 100644
--- a/ext/random/php_random.h
+++ b/ext/random/php_random.h
@@ -245,8 +245,6 @@ extern PHPAPI const php_random_algo php_random_algo_xoshiro256starstar;
 extern PHPAPI const php_random_algo php_random_algo_secure;
 extern PHPAPI const php_random_algo php_random_algo_user;
-# define PHP_RANDOM_ALGO_IS_DYNAMIC(algo) ((algo)->generate_size == 0)
-
 typedef struct _php_random_engine {
 const php_random_algo *algo;
 php_random_status *status;
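Review bot: In the php_random_range hunk of PATCH 1/3, the two new return lines still add the signed `min` to the helper's result and rely on the usual arithmetic conversions to keep that addition unsigned. The return types of rand_range32 and rand_range64 are not visible here; if rand_range32 returns uint32_t and zend_long is 64 bits wide, `rand_range32(algo, status, umax) + min` is evaluated as signed zend_long arithmetic, which stays in range only as long as the helper never returns more than umax. Casting explicitly, as the umax line already does, keeps both paths in unsigned arithmetic on every platform: `return (zend_long) (rand_range64(algo, status, umax) + (zend_ulong) min);` and `return (zend_long) (rand_range32(algo, status, umax) + (zend_ulong) min);`. A short comment stating that callers must pass min <= max would also help, since a reversed pair wraps umax to a very large range.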
diff --git a/ext/random/random.c b/ext/random/random.c
index ba40833318383..ff8f4bc191172 100644
--- a/ext/random/random.c
+++ b/ext/random/random.c
@@ -321,7 +321,7 @@ PHPAPI zend_long php_random_range(const php_random_algo *algo, php_random_status
 {
 zend_ulong umax = (zend_ulong) max - (zend_ulong) min;
- if (PHP_RANDOM_ALGO_IS_DYNAMIC(algo) || algo->generate_size > sizeof(uint32_t) || umax > UINT32_MAX) {
+ if (algo->generate_size == 0 || algo->generate_size > sizeof(uint32_t) || umax > UINT32_MAX) {
 return (zend_long) (rand_range64(algo, status, umax) + min);
 }
From 84b13860fb791df8c8d0df1c1ff12007dbed80a0 Mon Sep 17 00:00:00 2001
From: Go Kudo
Date: Fri, 22 Jul 2022 10:53:36 +0900
Subject: [PATCH 3/3] [CI skip] update NEWS
---
 NEWS | 1 +
 1 file changed, 1 insertion(+)
diff --git a/NEWS b/NEWS
index cf6bad8f5391f..4d69d57432179 100644
--- a/NEWS
+++ b/NEWS
@@ -51,6 +51,7 @@ PHP NEWS
 - Random:
 . Added new random extension. (Go Kudo)
+ . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
 - SPL:
 . Widen iterator_to_array() and iterator_count()'s $iterator parameter to
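Review bot: In the php_random_range hunk of PATCH 2/3, the inlined `algo->generate_size == 0` loses the only hint about what a zero size means, which the removed macro name carried. A one-line comment above the condition would keep that, for example `/* generate_size == 0 marks a dynamically sized engine: always use the 64-bit path */`; this wording is inferred from the old PHP_RANDOM_ALGO_IS_DYNAMIC name, so confirm it against the php_random_algo definition. The function starts before this hunk and continues past its end.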