Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8

A string passed to `php_libxml_xmlCheckUTF8()` may be longer than
1<<31-1 bytes, so we're better using a `size_t`.

Closes GH-6802.

diff --git a/NEWS b/NEWS
index eef3b0302c3a9d64d61d270d752f230053adbeee..170883ec5d48b5afb1814e906875d8d6e7cfd352 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
   . Fixed bug #80024 (Duplication of info about inherited socket after pool
     removing). (Jakub Zelenka)
 
+- LibXML:
+  . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
+
 - PDO_ODBC:
   . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
     (cmb)

diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index e21d6fdbbe98cb6593ef0b423d7035cb638f7ba7..fc194770e1013849577e8815be40a1eb737f40d6 100644 (file)
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -1182,7 +1182,7 @@ static PHP_FUNCTION(libxml_set_external_entity_loader)
 /* {{{ Common functions shared by extensions */
 int php_libxml_xmlCheckUTF8(const unsigned char *s)
 {
-       int i;
+       size_t i;
        unsigned char c;
 
        for (i = 0; (c = s[i++]);) {