Fix bug #72551 and bug #72552 - check before converting size_t->int

diff --git a/ext/mcrypt/mcrypt.c b/ext/mcrypt/mcrypt.c
index fb5c638c97fe9f49f883cfa5d87d52642ac43538..73acaa29f2def158e4a5c808805c316a939de4fd 100644 (file)
--- a/ext/mcrypt/mcrypt.c
+++ b/ext/mcrypt/mcrypt.c
@@ -645,6 +645,10 @@ PHP_FUNCTION(mcrypt_generic)
                memset(ZSTR_VAL(data_str), 0, data_size);
                memcpy(ZSTR_VAL(data_str), data, data_len);
        } else { /* It's not a block algorithm */
+               if (data_len > INT_MAX) {
+                       php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+                       RETURN_FALSE;
+               }
                data_size = (int)data_len;
                data_str = zend_string_alloc(data_size, 0);
                memset(ZSTR_VAL(data_str), 0, data_size);
@@ -695,6 +699,10 @@ PHP_FUNCTION(mdecrypt_generic)
                memset(data_s, 0, data_size);
                memcpy(data_s, data, data_len);
        } else { /* It's not a block algorithm */
+               if (data_len > INT_MAX) {
+                       php_error_docref(NULL, E_WARNING, "Data size too large, %d maximum", INT_MAX);
+                       RETURN_FALSE;
+               }
                data_size = (int)data_len;
                data_s = emalloc(data_size + 1);
                memset(data_s, 0, data_size);