From 3f0ddb84bfe5bd43a3397e1dee2023374425cf48 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sat, 12 Apr 2025 14:19:30 +0100
Subject: [PATCH 1/2] Fix GH-18281: making flock flags mutually exclusive.

---
 ext/standard/file.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ext/standard/file.c b/ext/standard/file.c
index 4e136bedf5fab..d201c73ee68f5 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -181,6 +181,12 @@ PHP_MSHUTDOWN_FUNCTION(file) /* {{{ */
 }
 /* }}} */
 
+static inline bool php_is_valid_flock_flag(zend_long s) {
+	const zend_long sb = s & ~PHP_LOCK_NB;
+	return (sb == PHP_LOCK_UN || sb == PHP_LOCK_SH ||
+		sb == PHP_LOCK_EX || s == -1);
+}
+
 PHPAPI void php_flock_common(php_stream *stream, zend_long operation,
 	uint32_t operation_arg_num, zval *wouldblock, zval *return_value)
 {
@@ -188,7 +194,7 @@ PHPAPI void php_flock_common(php_stream *stream, zend_long operation,
 	int act;
 
 	act = operation & PHP_LOCK_UN;
-	if (act < 1 || act > 3) {
+	if (act < 1 || act > 3 || !php_is_valid_flock_flag(operation)) {
 		zend_argument_value_error(operation_arg_num, "must be one of LOCK_SH, LOCK_EX, or LOCK_UN");
 		RETURN_THROWS();
 	}

From 46151dea93cc3f2a641c88fc78cbc80e450b66b9 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Sun, 13 Apr 2025 14:57:51 +0100
Subject: [PATCH 2/2] discard -1

---
 ext/standard/file.c                | 4 ++--
 ext/standard/tests/file/flock.phpt | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/ext/standard/file.c b/ext/standard/file.c
index d201c73ee68f5..40941bf024409 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -184,7 +184,7 @@ PHP_MSHUTDOWN_FUNCTION(file) /* {{{ */
 static inline bool php_is_valid_flock_flag(zend_long s) {
 	const zend_long sb = s & ~PHP_LOCK_NB;
 	return (sb == PHP_LOCK_UN || sb == PHP_LOCK_SH ||
-		sb == PHP_LOCK_EX || s == -1);
+		sb == PHP_LOCK_EX);
 }
 
 PHPAPI void php_flock_common(php_stream *stream, zend_long operation,
@@ -194,7 +194,7 @@ PHPAPI void php_flock_common(php_stream *stream, zend_long operation,
 	int act;
 
 	act = operation & PHP_LOCK_UN;
-	if (act < 1 || act > 3 || !php_is_valid_flock_flag(operation)) {
+	if (!php_is_valid_flock_flag(operation)) {
 		zend_argument_value_error(operation_arg_num, "must be one of LOCK_SH, LOCK_EX, or LOCK_UN");
 		RETURN_THROWS();
 	}
diff --git a/ext/standard/tests/file/flock.phpt b/ext/standard/tests/file/flock.phpt
index a3c1804584023..16609fb5d9939 100644
--- a/ext/standard/tests/file/flock.phpt
+++ b/ext/standard/tests/file/flock.phpt
@@ -31,7 +31,11 @@ var_dump($would);
 var_dump(flock($fp, LOCK_UN, $would));
 var_dump($would);
 
-var_dump(flock($fp, -1));
+try {
+    var_dump(flock($fp, -1));
+} catch (\ValueError $e) {
+    echo $e->getMessage() . \PHP_EOL;
+}
 
 try {
     var_dump(flock($fp, 0));
@@ -59,5 +63,5 @@ bool(true)
 int(0)
 bool(true)
 int(0)
-bool(true)
+flock(): Argument #2 ($operation) must be one of LOCK_SH, LOCK_EX, or LOCK_UN
 flock(): Argument #2 ($operation) must be one of LOCK_SH, LOCK_EX, or LOCK_UN