UBSan: negation of LONG_MIN in ext/pdo_sqlite/pdo_sqlite.c leads to undefined behavior #20927
Description
Description
The following code:
<?php
$db = new Pdo\Sqlite('sqlite::memory:');
$db->exec('CREATE TABLE test (id STRING, data BLOB)');
$insert_stmt = $db->prepare("INSERT INTO test (id, data) VALUES (?, ?)");
$insert_stmt->bindValue(1, 'a', PDO::PARAM_STR);
$insert_stmt->bindValue(2, 'TEST TEST', PDO::PARAM_LOB);
$insert_stmt->execute();
$stream = $db->openBlob('test', 'data', 1);
fseek($stream, PHP_INT_MIN, SEEK_END);
var_dump(stream_get_contents($stream));
Resulted in this output:
sapi/cli/php z.php 1 ✘
/home/arshid/Desktop/php-src/ext/pdo_sqlite/pdo_sqlite.c:246:47: runtime error: negation of -9223372036854775808 cannot be represented in type 'zend_off_t' (aka 'long'); cast to an unsigned type to negate this value to itself
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/arshid/Desktop/php-src/ext/pdo_sqlite/pdo_sqlite.c:246:47 in
Configurations:
CC="clang-12" CXX="clang++-12" CFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" CXXFLAGS="-DZEND_VERIFY_TYPE_INFERENCE" ./configure --enable-debug --enable-address-sanitizer --enable-undefined-sanitizer --enable-re2c-cgoto --enable-fpm --enable-litespeed --enable-phpdbg-debug --enable-zts --enable-bcmath --enable-calendar --enable-dba --enable-dl-test --enable-exif --enable-ftp --enable-gd --enable-gd-jis-conv --enable-mbstring --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvmsg --enable-zend-test --with-zlib --with-bz2 --with-curl --with-enchant --with-gettext --with-gmp --with-mhash --with-ldap --with-libedit --with-readline --with-snmp --with-sodium --with-xsl --with-zip --with-mysqli --with-pdo-mysql --with-pdo-pgsql --with-pgsql --with-sqlite3 --with-pdo-sqlite --with-webp --with-jpeg --with-freetype --enable-sigchild --with-readline --with-pcre-jit --with-iconvPHP Version
php -v ✔
PHP 8.4.13 (cli) (built: Oct 1 2025 20:34:15) (NTS)
Copyright (c) The PHP Group
Built by Debian
Zend Engine v4.4.13, Copyright (c) Zend Technologies
with Zend OPcache v8.4.13, Copyright (c), by Zend Technologies
Operating System
No response