Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6:
  More string length checks & fixes

diff --cc ext/standard/exec.c
index 7bd3ef9f7fcc5ca2f1cc3a8e7ff7db6ae5f6c23b,88a6b4ab791885fe5122313f9a11533bcff60277..7e21bce09809dd36383091caa7379a330e502b30
--- 1/ext/standard/exec.c
--- 2/ext/standard/exec.c
+++ b/ext/standard/exec.c
@@@ -479,10 -488,11 +479,11 @@@ PHP_FUNCTION(escapeshellcmd
  
        if (command_len) {
                if (command_len != strlen(command)) {
 -                      php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input string contains NULL bytes");
 +                      php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
                        return;
                }
-               RETVAL_STR(php_escape_shell_cmd(command));
+               cmd = php_escape_shell_cmd(command);
+               RETVAL_STRINGL_CHECK(cmd, strlen(cmd), 0);
        } else {
                RETVAL_EMPTY_STRING();
        }
@@@ -502,10 -513,11 +503,11 @@@ PHP_FUNCTION(escapeshellarg
  
        if (argument) {
                if (argument_len != strlen(argument)) {
 -                      php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input string contains NULL bytes");
 +                      php_error_docref(NULL, E_ERROR, "Input string contains NULL bytes");
                        return;
                }
-               RETVAL_STR(php_escape_shell_arg(argument));
+               cmd = php_escape_shell_arg(argument);
+               RETVAL_STRINGL_CHECK(cmd, strlen(cmd), 0);
        }
  }
  /* }}} */
@@@ -534,11 -547,11 +536,11 @@@ PHP_FUNCTION(shell_exec
        }
  
        stream = php_stream_fopen_from_pipe(in, "rb");
 -      total_readbytes = php_stream_copy_to_mem(stream, &ret, PHP_STREAM_COPY_ALL, 0);
 +      ret = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0);
        php_stream_close(stream);
  
-       if (ret && ZSTR_LEN(ret) > 0) {
-               RETVAL_STR(ret);
+       if (total_readbytes > 0) {
+               RETVAL_STRINGL_CHECK(ret, total_readbytes, 0);
        }
  }
  /* }}} */