From: Stanislav Malyshev Date: Sun, 6 Jan 2019 20:50:10 +0000 (-0800) Subject: Merge branch 'PHP-7.3' X-Git-Tag: php-7.4.0alpha1~1282 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0f148839b5944df8f36624df53aa8d7199718f19;p=php Merge branch 'PHP-7.3' * PHP-7.3: Fix #77367: Negative size parameter in mb_split Fix #77369 - memcpy with negative length via crafted DNS response Fix more issues with encodilng length Fix #77270: imagecolormatch Out Of Bounds Write on Heap Fix bug #77380 (Global out of bounds read in xmlrpc base64 code) Fix bug #77371 (heap buffer overflow in mb regex functions - compile_string_node) Fix bug #77370 - check that we do not read past buffer end when parsing multibytes Fix #77269: Potential unsigned underflow in gdImageScale Fix bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext) Fix bug #77242 (heap out of bounds read in xmlrpc_decode()) Regenerate certs for openssl tests --- 0f148839b5944df8f36624df53aa8d7199718f19 diff --cc ext/standard/dns.c index 6b542408cd,c06fa04f89..50f81153a5 --- a/ext/standard/dns.c +++ b/ext/standard/dns.c @@@ -454,7 -454,11 +454,11 @@@ static u_char *php_parserr(u_char *cp, GETLONG(ttl, cp); GETSHORT(dlen, cp); CHECKCP(dlen); - if (type_to_fetch != DNS_T_ANY && type != type_to_fetch) { - if (dlen == 0) { - /* No data in the response - nothing to do */ - return NULL; - } - if (type_to_fetch != T_ANY && type != type_to_fetch) { ++ if (dlen == 0) { ++ /* No data in the response - nothing to do */ ++ return NULL; ++ } ++ if (type_to_fetch != DNS_T_ANY && type != type_to_fetch) { cp += dlen; return cp; }
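Review bot: In php_parserr, the new `if (dlen == 0) { return NULL; }` sits ahead of the `type_to_fetch != DNS_T_ANY && type != type_to_fetch` filter, so a zero-length record of a type the caller did not ask for now returns NULL instead of taking the existing skip path (`cp += dlen; return cp;`). If callers treat a NULL return as a parse failure, a single empty record of an unrelated type ends processing of the remaining records in the response. Consider running the type filter first and applying the zero-length check only to records that will actually be decoded, or extend the comment to say that NULL here is meant to stop parsing, so the intent is clear to whoever touches this next. The guard also covers only the exact-zero case; the merge message ties it to #77369 (memcpy with negative length), so it would be worth stating in the comment which later length computation on `dlen` this protects, since that code is outside the visible context. The conflict resolution itself (keeping `DNS_T_ANY` from master rather than `T_ANY` from PHP-7.3) looks consistent with the surrounding line.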