From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Tue, 23 Mar 2021 15:13:57 +0000 (+0100)
Subject: Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=refs%2Fheads%2FPHP-7.4;p=php

Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8

A string passed to `php_libxml_xmlCheckUTF8()` may be longer than
1<<31-1 bytes, so we're better using a `size_t`.

Closes GH-6802.
---

diff --git a/NEWS b/NEWS
index eef3b0302c..170883ec5d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
   . Fixed bug #80024 (Duplication of info about inherited socket after pool
     removing). (Jakub Zelenka)
 
+- LibXML:
+  . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
+
 - PDO_ODBC:
   . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
     (cmb)
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index e21d6fdbbe..fc194770e1 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -1182,7 +1182,7 @@ static PHP_FUNCTION(libxml_set_external_entity_loader)
 /* {{{ Common functions shared by extensions */
 int php_libxml_xmlCheckUTF8(const unsigned char *s)
 {
-	int i;
+	size_t i;
 	unsigned char c;
 
 	for (i = 0; (c = s[i++]);) {