Merge branch 'PHP-7.0.9' into PHP-7.0

* PHP-7.0.9: Partial fix for bug #72613 - do not allow reading past error read update NEWS Fixed bug #72570 Segmentation fault when binding parameters on a query without placeholders Fix bug #72551 and bug #72552 - check before converting size_t->int Fix bug #72541 - size_t overflow lead to heap corruption fix possible optimization bug set versions Conflicts: configure.in ext/pdo_pgsql/tests/bug72570.phpt main/php_version.h
author: Stanislav Malyshev <stas@php.net> 2016-07-19 01:08:18 -0700
committer: Stanislav Malyshev <stas@php.net> 2016-07-19 01:08:18 -0700
commit: e9a58bee24a4004e50a59d0d01927e6632d6da27 (patch)
tree: 9f4605167a174916e433c110c2cbe01096be0f81 /ext/curl/interface.c
parent: 905310d144d3afe6a0784d521a4e90fd07cfe343 (diff)
parent: 5faa15c4ce9d68a286a9ffe10ecbb897ebe95601 (diff)
download: php-git-e9a58bee24a4004e50a59d0d01927e6632d6da27.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 6a616411ef..7d085de73c 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3595,6 +3595,10 @@ PHP_FUNCTION(curl_unescape)
 		RETURN_FALSE;
 	}
 
+	if (str_len > INT_MAX) {
+		RETURN_FALSE;
+	}
+
 	if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
 		RETVAL_STRINGL(out, out_len);
 		curl_free(out);
author	Stanislav Malyshev <stas@php.net>	2016-07-19 01:08:18 -0700
committer	Stanislav Malyshev <stas@php.net>	2016-07-19 01:08:18 -0700
commit	e9a58bee24a4004e50a59d0d01927e6632d6da27 (patch)
tree	9f4605167a174916e433c110c2cbe01096be0f81 /ext/curl/interface.c
parent	905310d144d3afe6a0784d521a4e90fd07cfe343 (diff)
parent	5faa15c4ce9d68a286a9ffe10ecbb897ebe95601 (diff)
download	php-git-e9a58bee24a4004e50a59d0d01927e6632d6da27.tar.gz