Merge branch 'PHP-8.4'

* PHP-8.4:
  Fix GH-18901: integer overflow mb_split

Author: nielsdos

ext/mbstring/php_mbregex.c

@@ -1178,7 +1178,7 @@ PHP_FUNCTION(mb_split)
 	size_t string_len;
 
 	int err;
-	zend_long count = -1;
+	zend_ulong count = -1; /* unsigned, it's a limit and we want to prevent signed overflow */
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "ss|l", &arg_pattern, &arg_pattern_len, &string, &string_len, &count) == FAILURE) {
 		RETURN_THROWS();

ext/mbstring/tests/gh18901.phpt

@@ -0,0 +1,54 @@
+--TEST--
+GH-18901 (integer overflow mb_split)
+--EXTENSIONS--
+mbstring
+--SKIPIF--
+<?php
+if (!function_exists('mb_split')) die('skip mb_split() not available');
+?>
+--FILE--
+<?php
+$vals = [PHP_INT_MIN, PHP_INT_MAX, -1, 0, 1];
+foreach ($vals as $val) {
+    var_dump(mb_split('\d', '123', $val));
+}
+?>
+--EXPECT--
+array(4) {
+  [0]=>
+  string(0) ""
+  [1]=>
+  string(0) ""
+  [2]=>
+  string(0) ""
+  [3]=>
+  string(0) ""
+}
+array(4) {
+  [0]=>
+  string(0) ""
+  [1]=>
+  string(0) ""
+  [2]=>
+  string(0) ""
+  [3]=>
+  string(0) ""
+}
+array(4) {
+  [0]=>
+  string(0) ""
+  [1]=>
+  string(0) ""
+  [2]=>
+  string(0) ""
+  [3]=>
+  string(0) ""
+}
+array(1) {
+  [0]=>
+  string(3) "123"
+}
+array(1) {
+  [0]=>
+  string(3) "123"
+}