Description:
------------
PHP in 5.5.11 is returning incorrect results from substr_compare() when length is left as the default setting. In 5.5.10, it worked correctly.

String checks returning equal when they are not equal is a security hole. Any application checking the end of a string to equal something, perhaps a user name, password, perhaps the extension on file types, or other file paths, is now going to think things are equal when they in fact are not.

The documentation for this function: http://php.net/manual/en/function.substr-compare.php
States if the length parameter is not passed:
"The default value is the largest of the length of the str compared to the length of main_str less the offset."

Or in other words, max(main_str - offset, str), meaning it compares for whatever amount is left over in in the two strings.

However, in the included test, it seems lenth is always being set to 0.


Test script:
---------------
<?php
echo substr_compare('Cows',  'ws',  2), "\n";
echo substr_compare('Cows',  'ws',  -2), "\n";
echo substr_compare('Cows',  'ows',  3), "\n";
echo substr_compare('Cows',  'ows',  -3), "\n";
echo substr_compare('Cows',  'aws',  3), "\n";
echo substr_compare('Cows',  'aws',  -3), "\n";

Expected result:
----------------
0
0
4
0
18
14

Actual result:
--------------
0
0
0
0
0
0