From cf378f336867bb37e7edd806905889e9f3c13440 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Thu, 23 Apr 2020 14:49:26 +0200
Subject: [PATCH] Fix #36365: scandir duplicates file name at every 65535th file

Since DIR_W32.offset is declared as `uint16_t`, we have an overflow for directories with many entries. This patch changes the field to `uint32_t`.
---
 ext/standard/tests/file/bug36365.phpt | 27 +++++++++++++++++++++++++++
 win32/readdir.h | 2 +-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 ext/standard/tests/file/bug36365.phpt

diff --git a/ext/standard/tests/file/bug36365.phpt b/ext/standard/tests/file/bug36365.phpt
new file mode 100644
index 0000000000000..be1a6c5165558
--- /dev/null
+++ b/ext/standard/tests/file/bug36365.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Bug #36365 (scandir duplicates file name at every 65535th file)
+--SKIPIF--
+
+--FILE--
+
+--CLEAN--
+
+--EXPECT--
+int(70002)
diff --git a/win32/readdir.h b/win32/readdir.h
index 61876f3dc10fc..cc8e1a9a2510c 100644
--- a/win32/readdir.h
+++ b/win32/readdir.h
@@ -26,7 +26,7 @@ struct dirent {
 /* typedef DIR - not the same as Unix */
 struct DIR_W32 {
 HANDLE handle; /* _findfirst/_findnext handle */
- uint16_t offset; /* offset into directory */
+ uint32_t offset; /* offset into directory */
 uint8_t finished; /* 1 if there are not more files */
 WIN32_FIND_DATAW fileinfo; /* from _findfirst/_findnext */
 wchar_t *dirw; /* the dir we are reading */
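Review bot: Widening `offset` in `struct DIR_W32` removes the 16-bit wrap only if every site that reads or updates the field is at least as wide, and none of those sites is in this hunk. It is worth confirming that the implementation file does not copy `offset` through a 16-bit local or cast, because such a truncation would bring back the repeated entry described in the commit message. The wider field also moves `finished` and the members after it, so any separately compiled code that accesses this struct directly would need a rebuild (inferred, since the hunk does not show who includes the header). A comment recording the reason would help the next reader: `uint32_t offset; /* entry index; 32-bit so directories with more than 65535 entries do not wrap */`. The struct body continues past the end of the hunk.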