authorStanislav Malyshev <stas@php.net>2016-07-19 01:44:14 -0700
committerStanislav Malyshev <stas@php.net>2016-07-19 01:44:14 -0700
commit70d6ce336847b9acf2d8069075c14af74eda4c6d (patch)
tree3f1a684c7d093328aa74db9d934efff4a763866f /ext/curl/interface.c
parent5c90f9b9cdf61ff285aa902cf368ecd184bafd17 (diff)
parentb00f8f2a5bae651d6375ca34c676963f1f25ee5a (diff)
Merge branch 'PHP-7.0'
* PHP-7.0: (27 commits) fix #72519, possible OOB using imagegif fix #72512, invalid read or write for palette image when invalid transparent index is used Apparently some envs miss SIZE_MAX Fix tests Fix bug #72618: NULL Pointer Dereference in exif_process_user_comment Partial fix for bug #72613 - do not allow reading past error read Partial fix for bug #72613 - do not treat negative returns from bz2 as size_t Fix bug #72606: heap-buffer-overflow (write) simplestring_addn simplestring.c Fix for bug #72558, Integer overflow error within _gdContributionsAlloc() Fix bug #72603: Out of bound read in exif_process_IFD_in_MAKERNOTE update NEWS Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders Fix bug #72562 - destroy var_hash properly Fix bug #72551 and bug #72552 - check before converting size_t->int Fix bug #72541 - size_t overflow lead to heap corruption Fix bug #72533 (locale_accept_from_http out-of-bounds access) Fix fir bug #72520 Fix for bug #72513 Fix for bug #72513 CS fix and comments with bug ID ... Conflicts: ext/standard/basic_functions.c
Diffstat (limited to 'ext/curl/interface.c')
-rw-r--r--ext/curl/interface.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 9449022119..6335b7ae8e 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3608,6 +3608,10 @@ PHP_FUNCTION(curl_unescape)
RETURN_FALSE;
}
+ if (str_len > INT_MAX) {
+ RETURN_FALSE;
+ }
+
if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
RETVAL_STRINGL(out, out_len);
curl_free(out);
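Review bot: The new `str_len > INT_MAX` guard in curl_unescape carries no comment explaining why it exists, and the call right below it still narrows `str_len` implicitly. curl_easy_unescape takes its input length as an `int`, so a longer string would be truncated or turn negative at the call; I would put `/* curl_easy_unescape() takes an int length; reject input that does not fit */` above the check and make the narrowing visible with `curl_easy_unescape(ch->cp, str, (int)str_len, &out_len)`. The guard also returns FALSE silently, just like the earlier `RETURN_FALSE` path at the top of the hunk, so a caller cannot tell an over-long input from that other failure; a warning via `php_error_docref` before returning would make the rejection diagnosable. The declaration of `str_len` and the rest of the function are outside the hunk, so its type (presumably `size_t`) is inferred, and any other call in this file that passes a length to a libcurl `int` parameter should be checked for the same guard.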