From: Anatol Belski <ab@php.net>
Date: Tue, 5 Jul 2016 08:03:40 +0000 (+0200)
Subject: fix datatype and add range check
X-Git-Tag: php-7.1.0alpha3~21
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=14bdd8246c50b55d1ddf838b45de34065e8613c4;p=php

fix datatype and add range check
---

diff --git a/ext/intl/uchar/uchar.c b/ext/intl/uchar/uchar.c
index abb3e59671..272cb22157 100644
--- a/ext/intl/uchar/uchar.c
+++ b/ext/intl/uchar/uchar.c
@@ -8,10 +8,17 @@
 
 static inline int convert_cp(UChar32* pcp, zval *zcp) {
 	zend_long cp = -1;
+
+	if (ZEND_SIZE_T_INT_OVFL(Z_STRLEN_P(zcp))) {
+		intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);
+		intl_error_set_custom_msg(NULL, "Input string is too long.", 0);
+		return FAILURE;
+	}
+
 	if (Z_TYPE_P(zcp) == IS_LONG) {
 		cp = Z_LVAL_P(zcp);
 	} else if (Z_TYPE_P(zcp) == IS_STRING) {
-		size_t i = 0;
+		int32_t i = 0;
 		U8_NEXT(Z_STRVAL_P(zcp), i, Z_STRLEN_P(zcp), cp);
 		if (i != Z_STRLEN_P(zcp)) {
 			intl_error_set_code(NULL, U_ILLEGAL_ARGUMENT_ERROR);