From 0f5a7d0a801ed0a5f09eae5c00699ac04668b687 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 26 Dec 2025 13:58:01 +0100 Subject: [PATCH 1/3] Add test with wrong result --- ext/zlib/tests/gzseek_seek_oob.phpt | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 ext/zlib/tests/gzseek_seek_oob.phpt diff --git a/ext/zlib/tests/gzseek_seek_oob.phpt b/ext/zlib/tests/gzseek_seek_oob.phpt new file mode 100644 index 0000000000000..7156d1671a56d --- /dev/null +++ b/ext/zlib/tests/gzseek_seek_oob.phpt @@ -0,0 +1,20 @@ +--TEST-- +Test function gzseek() by seeking out of bounds +--EXTENSIONS-- +zlib +--FILE-- + +--EXPECTF-- +int(-1) +php: %s: _php_stream_seek: Assertion `stream->position >= 0' failed. + +Termsig=6 From 83f8f243198f85e53c8bde0653d57f56b755ab06 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 26 Dec 2025 13:59:06 +0100 Subject: [PATCH 2/3] Fix OOB gzseek() causing assertion failure --- ext/zlib/tests/gzseek_seek_oob.phpt | 7 +++---- ext/zlib/zlib_fopen_wrapper.c | 9 +++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/ext/zlib/tests/gzseek_seek_oob.phpt b/ext/zlib/tests/gzseek_seek_oob.phpt index 7156d1671a56d..021f8cb174dab 100644 --- a/ext/zlib/tests/gzseek_seek_oob.phpt +++ b/ext/zlib/tests/gzseek_seek_oob.phpt @@ -13,8 +13,7 @@ var_dump(gztell($h)); gzclose($h); ?> ---EXPECTF-- +--EXPECT-- int(-1) -php: %s: _php_stream_seek: Assertion `stream->position >= 0' failed. - -Termsig=6 +int(0) +int(0) diff --git a/ext/zlib/zlib_fopen_wrapper.c b/ext/zlib/zlib_fopen_wrapper.c index 31b5212a720ac..c98e53bfd734a 100644 --- a/ext/zlib/zlib_fopen_wrapper.c +++ b/ext/zlib/zlib_fopen_wrapper.c 
@@ -94,9 +94,14 @@ static int php_gziop_seek(php_stream *stream, zend_off_t offset, int whence, zen php_error_docref(NULL, E_WARNING, "SEEK_END is not supported"); return -1; } - *newoffs = gzseek(self->gz_file, offset, whence); - return (*newoffs < 0) ? -1 : 0; + off_t new_offset = gzseek(self->gz_file, offset, whence); + if (new_offset < 0) { + return -1; + } + + *newoffs = new_offset; + return 0; } static int php_gziop_close(php_stream *stream, int close_handle) From 52fcfd70bb9c1ea2a1cf7985fc45928e9557af78 Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+ndossche@users.noreply.github.com> Date: Fri, 26 Dec 2025 15:07:33 +0100 Subject: [PATCH 3/3] make it z_off_t --- ext/zlib/zlib_fopen_wrapper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/zlib/zlib_fopen_wrapper.c b/ext/zlib/zlib_fopen_wrapper.c index c98e53bfd734a..da948af37ffc6 100644 --- a/ext/zlib/zlib_fopen_wrapper.c +++ b/ext/zlib/zlib_fopen_wrapper.c @@ -95,7 +95,7 @@ static int php_gziop_seek(php_stream *stream, zend_off_t offset, int whence, zen return -1; } - off_t new_offset = gzseek(self->gz_file, offset, whence); + z_off_t new_offset = gzseek(self->gz_file, offset, whence); if (new_offset < 0) { return -1; }
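Review bot: In `php_gziop_seek`, `offset` is a `zend_off_t` but is still passed to `gzseek()` with no range check, so the new `new_offset < 0` test only catches failures that zlib itself reports. If `z_off_t` is narrower than `zend_off_t` on some build (this patch does not show whether it is), a large offset would be converted implicitly and the seek could land on a different, non-negative position that is then stored in `*newoffs` as if it were the one requested. A guard before the call, for example `if ((zend_off_t)(z_off_t)offset != offset) { return -1; }`, would reject offsets that do not survive the conversion; this applies equally to the `z_off_t new_offset` line from patch 3/3. A short comment on the early return, such as `/* leave *newoffs untouched on failure; _php_stream_seek asserts stream->position >= 0 */`, would record why the assignment moved, going by the assertion text in the first version of the test. The function starts above the hunk, so the `self` setup and the SEEK_END handling are only partly visible here.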