Fixed bug #68225 unpack and X format code

This is done by reverting some parts to the state of pre 7, whereby
that means all the size_t potential isn't exhausted. This might be
a subject of the subsequent fix, the functionality can be ensured
with the supplied test.

Author: weltling

ext/standard/pack.c

@@ -560,7 +560,7 @@ PHP_FUNCTION(unpack)
 {
 	char *format, *input;
 	zend_string *formatarg, *inputarg;
-	size_t formatlen, inputpos, inputlen;
+	zend_long formatlen, inputpos, inputlen;
 	int i;
 
 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "SS", &formatarg, 
@@ -717,7 +717,7 @@ PHP_FUNCTION(unpack)
 				inputpos = 0;
 			}
 
-			if ((size >=0 && (inputpos + size) <= inputlen) || (size < 0 && -size <= (inputlen - inputpos))) {
+			if ((inputpos + size) <= inputlen) {
 				switch ((int) type) {
 					case 'a': {
 						/* a will not strip any trailing whitespace or null padding */

ext/standard/tests/strings/unpack_bug68225.phpt

@@ -0,0 +1,39 @@
+--TEST--
+Bug #68225 unpack and X format code
+--FILE--
+<?php
+
+$data = pack('VV', 1, 2);
+
+$result = unpack('Va/X' ,$data);
+var_dump($result);
+
+$result = unpack('Va/X4' ,$data);
+var_dump($result);
+
+$result = unpack('V1a/X4/V1b/V1c/X4/V1d', $data);
+var_dump($result);
+
+?>
+===DONE===
+--EXPECTF--
+array(1) {
+  ["a"]=>
+  int(1)
+}
+array(1) {
+  ["a"]=>
+  int(1)
+}
+array(4) {
+  ["a"]=>
+  int(1)
+  ["b"]=>
+  int(1)
+  ["c"]=>
+  int(2)
+  ["d"]=>
+  int(2)
+}
+===DONE===
+