From 72dbb7f416160f490c4e9987040989a10ad431c7 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 3 Aug 2016 00:58:55 -0700
Subject: [PATCH] Fix bug #72674 - check both curl_escape and curl_unescape

---
 ext/curl/interface.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index be15785cd0..7069710ece 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3517,7 +3517,7 @@ PHP_FUNCTION(curl_reset)
 PHP_FUNCTION(curl_escape)
 {
 	char       *str = NULL, *res = NULL;
-	size_t        str_len = 0;
+	size_t     str_len = 0;
 	zval       *zid;
 	php_curl   *ch;
 
@@ -3529,6 +3529,10 @@ PHP_FUNCTION(curl_escape)
 		RETURN_FALSE;
 	}
 
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
+		RETURN_FALSE;
+	}
+
 	if ((res = curl_easy_escape(ch->cp, str, str_len))) {
 		RETVAL_STRING(res);
 		curl_free(res);
@@ -3556,7 +3560,7 @@ PHP_FUNCTION(curl_unescape)
 		RETURN_FALSE;
 	}
 
-	if (str_len > INT_MAX) {
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
 		RETURN_FALSE;
 	}
 
-- 
2.40.0