From 12d8be7cfbfc0ec2d8c745ce48e709cadc72f796 Mon Sep 17 00:00:00 2001
From: arshidkv12 <arshidkv12@gmail.com>
Date: Fri, 6 Feb 2026 17:46:09 +0530
Subject: [PATCH 1/2] ext/standard: validate mode is within 0..07777

---
 ext/standard/file.c                             |  5 +++++
 ext/standard/tests/file/mkdir_invalid_mode.phpt | 12 ++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 ext/standard/tests/file/mkdir_invalid_mode.phpt

diff --git a/ext/standard/file.c b/ext/standard/file.c
index a7b73f1fe56eb..ca24b34eb8c4f 100644
--- a/ext/standard/file.c
+++ b/ext/standard/file.c
@@ -1087,6 +1087,11 @@ PHP_FUNCTION(mkdir)
 		Z_PARAM_RESOURCE_OR_NULL(zcontext)
 	ZEND_PARSE_PARAMETERS_END();
 
+	if (mode < 0 || (mode & ~07777)) {
+		zend_argument_value_error(2, "must be between 0 and 0o7777");
+		RETURN_THROWS();
+	}
+
 	context = php_stream_context_from_zval(zcontext, 0);
 
 	RETURN_BOOL(php_stream_mkdir(dir, (int)mode, (recursive ? PHP_STREAM_MKDIR_RECURSIVE : 0) | REPORT_ERRORS, context));
diff --git a/ext/standard/tests/file/mkdir_invalid_mode.phpt b/ext/standard/tests/file/mkdir_invalid_mode.phpt
new file mode 100644
index 0000000000000..ffabfe7b6999f
--- /dev/null
+++ b/ext/standard/tests/file/mkdir_invalid_mode.phpt
@@ -0,0 +1,12 @@
+--TEST--
+mkdir(): invalid mode
+--FILE--
+<?php
+try {
+    mkdir(__DIR__ . '/testdir', 1000000);
+} catch (ValueError $e) {
+    echo $e->getMessage(), PHP_EOL;
+}
+?>
+--EXPECT--
+mkdir(): Argument #2 ($permissions) must be between 0 and 0o7777
\ No newline at end of file

From ea473b7b85318b0b6103f2cd3784b97629444d03 Mon Sep 17 00:00:00 2001
From: arshidkv12 <arshidkv12@gmail.com>
Date: Fri, 6 Feb 2026 17:47:39 +0530
Subject: [PATCH 2/2] ext/standard: validate mode is within 0..07777

---
 ext/standard/tests/file/mkdir_invalid_mode.phpt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/standard/tests/file/mkdir_invalid_mode.phpt b/ext/standard/tests/file/mkdir_invalid_mode.phpt
index ffabfe7b6999f..b45ad204cb3e1 100644
--- a/ext/standard/tests/file/mkdir_invalid_mode.phpt
+++ b/ext/standard/tests/file/mkdir_invalid_mode.phpt
@@ -9,4 +9,4 @@ try {
 }
 ?>
 --EXPECT--
-mkdir(): Argument #2 ($permissions) must be between 0 and 0o7777
\ No newline at end of file
+mkdir(): Argument #2 ($permissions) must be between 0 and 0o7777