Fix phpGH-14774 time_sleep_until overflow.

Author: devnexen

NEWS

@@ -42,6 +42,7 @@ PHP                                                                        NEWS
 
 - Standard:
   . Fix 32-bit wordwrap test failures. (orlitzky)
+  . Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier)
 
 - Treewide:
   . Fix compatibility with libxml2 2.13.2. (nielsdos)

ext/standard/basic_functions.c

@@ -1228,6 +1228,7 @@ PHP_FUNCTION(time_sleep_until)
 	struct timespec php_req, php_rem;
 	uint64_t current_ns, target_ns, diff_ns;
 	const uint64_t ns_per_sec = 1000000000;
+	const double top_target_sec = (double)(UINT64_MAX / ns_per_sec);
 
 	ZEND_PARSE_PARAMETERS_START(1, 1)
 		Z_PARAM_DOUBLE(target_secs)
@@ -1237,6 +1238,11 @@ PHP_FUNCTION(time_sleep_until)
 		RETURN_FALSE;
 	}
 
+	if (UNEXPECTED(!(target_secs >= 0 && target_secs <= top_target_sec))) {
+		zend_argument_value_error(1, "must be between 0 and %" PRIu64, (uint64_t)top_target_sec);
+		RETURN_THROWS();
+	}
+
 	target_ns = (uint64_t) (target_secs * ns_per_sec);
 	current_ns = ((uint64_t) tm.tv_sec) * ns_per_sec + ((uint64_t) tm.tv_usec) * 1000;
 	if (target_ns < current_ns) {

ext/standard/tests/misc/gh14774.phpt

@@ -0,0 +1,23 @@
+--TEST--
+GH-14774 time_sleep_until overflow
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE != 8) die("skip this test is for 64bit platform only");
+?>
+--FILE--
+<?php
+foreach([INF, -INF, 10e300, -10e300, NAN, -NAN] as $var) {
+	try {
+		time_sleep_until($var);
+	} catch (\ValueError $e) {
+		echo $e->getMessage() . PHP_EOL;
+	}
+}
+?>
+--EXPECTF--
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d
+time_sleep_until(): Argument #1 ($timestamp) must be between 0 and %d