Description:
------------
Everyone is worried about producing a block hole in LHC, but no one is watching evil PHP programmers at their homes. After years of hard work I made it! Black hole is alive, it consumes everything... it even forced strlen() to provide value below 0 ;)

Speaking serious when I saw documentation note about strings length ("Note: string can be as large as up to 2GB (2147483647 bytes maximum)") I instantly started wondering if it's possible to break that limit and what will happen after.
After some experiments I observed that some functions can create strings bigger than 2147483647 bytes.

First script result looks funny but it's little boring. I started digging more and created second one. After even more digging I noticed memory allocation problem (3rd script) but what's the fun without segfault?
Finally I created segfault using 4rd script. Unfortunately I'm unable to provide backtrace since I don't have machine with newest PHP build with debug enabled.


So yeah, string boundaries can be exploited and than PHP starts behaving strangely ;)

Test script:
---------------
<?php
ini_set('memory_limit', '10G');
$size = (1024 * 1024 * 1024); //1 gigabyte
$test = str_repeat('a', $size);
$test2 = $test.$test;
//Result: PHP Fatal error:  Allowed memory size of 10737418240 bytes exhausted (tried to allocate 18446744071562067969 bytes)

------------------------------------
<?php
ini_set('memory_limit', '10G');
$size = (1024 * 1024 * 1024); //1 gigabyte
$test = str_repeat('a', $size);
$test2 = str_repeat($test, 2);
var_dump(strlen($test2)); //Result: -2
echo $test2; //Prints nothing


------------------------------------
<?php
ini_set('memory_limit', '10G');
$size = 2147483648;
$test = str_repeat('a', $size);
strlen( substr( str_repeat($test, 2), 1) );

------------------------------------
<?php
ini_set('memory_limit', '10G');
$size = 2147483648;
$test = str_repeat('a', $size);
$x[$test] = '';

var_dump($x);