File php-5.1.2-phpbug-37394.patch of Package php

--- ext/standard/string.c	2006/03/13 14:37:10	1.445.2.10
+++ ext/standard/string.c	2006/05/10 13:07:15	1.445.2.14.2.1
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: string.c,v 1.445.2.10 2006/03/13 14:37:10 iliaa Exp $ */
+/* $Id: string.c,v 1.445.2.14.2.1 2006/05/10 13:07:15 iliaa Exp $ */
 
 /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
 
@@ -4474,7 +4474,7 @@
 	if (ac > 2) {
 		convert_to_long_ex(offset);
 		if (Z_LVAL_PP(offset) < 0) {
-			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater then or equal to 0.");
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Offset should be greater than or equal to 0.");
 			RETURN_FALSE;		
 		}
 		p += Z_LVAL_PP(offset);
@@ -4884,13 +4884,19 @@
 		RETURN_FALSE;
 	}
 
-	if (len && offset >= s1_len) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length.");
+	if (ZEND_NUM_ARGS() >= 4 && len <= 0) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The length must be greater than zero");
 		RETURN_FALSE;
 	}
 
 	if (offset < 0) {
 		offset = s1_len + offset;
+		offset = (offset < 0) ? 0 : offset;
+	}
+
+	if ((offset + len) > s1_len) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "The start position cannot exceed initial string length");
+		RETURN_FALSE;
 	}
 
 	cmp_len = (uint) (len ? len : MAX(s2_len, (s1_len - offset)));