Check that int file descriptor is valid for posix_(isatty|ttyname)

Author: Girgias

ext/posix/posix.c

@@ -463,6 +463,11 @@ PHP_FUNCTION(posix_ttyname)
 				zend_zval_type_name(z_fd));
 			fd = zval_get_long(z_fd);
 		}
+		/* fd must fit in an int and be positive */
+		if (fd < 0 || fd > INT_MAX) {
+			php_error_docref(NULL, E_WARNING, "Argument #1 ($file_descriptor) must be between 0 and %d", INT_MAX);
+			RETURN_FALSE;
+		}
 	}
 #if defined(ZTS) && defined(HAVE_TTYNAME_R) && defined(_SC_TTY_NAME_MAX)
 	buflen = sysconf(_SC_TTY_NAME_MAX);
@@ -510,6 +515,10 @@ PHP_FUNCTION(posix_isatty)
 		}
 	}
 
+	/* A valid file descriptor must fit in an int and be positive */
+	if (fd < 0 || fd > INT_MAX) {
+		RETURN_FALSE;
+	}
 	if (isatty(fd)) {
 		RETURN_TRUE;
 	} else {

ext/posix/tests/posix_isatty_value_errors.phpt

@@ -0,0 +1,23 @@
+--TEST--
+posix_isatty(): errors for invalid file descriptors
+--EXTENSIONS--
+posix
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE != 8) die('skip C int is same size as zend_long');
+?>
+--FILE--
+<?php
+
+$values = [
+    -1,
+    2**50+1,
+];
+
+foreach ($values as $value) {
+    var_dump(posix_isatty($value));
+}
+?>
+--EXPECT--
+bool(false)
+bool(false)

ext/posix/tests/posix_ttyname_value_errors.phpt

@@ -0,0 +1,26 @@
+--TEST--
+posix_ttyname(): errors for invalid file descriptors
+--EXTENSIONS--
+posix
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE != 8) die('skip C int is same size as zend_long');
+?>
+--FILE--
+<?php
+
+$values = [
+    -1,
+    2**50+1,
+];
+
+foreach ($values as $value) {
+    var_dump(posix_ttyname($value));
+}
+?>
+--EXPECTF--
+Warning: posix_ttyname(): Argument #1 ($file_descriptor) must be between 0 and %d in %s on line %d
+bool(false)
+
+Warning: posix_ttyname(): Argument #1 ($file_descriptor) must be between 0 and %d in %s on line %d
+bool(false)