From b9e81e58440b9b5c07bf5435baef5531b2b318a0 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 16 Aug 2016 15:58:05 -0700
Subject: [PATCH] Fixed bug #72849 - integer overflow in urlencode

---
 ext/standard/url.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ext/standard/url.c b/ext/standard/url.c
index 4b52000f64..8e471e12d8 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -520,6 +520,12 @@ PHPAPI char *php_url_encode(char const *s, int len, int *new_length)
 			*to++ = c;
 		}
 	}
+
+	if ((to-start) > INT_MAX) {
+		/* E_ERROR since most clients won't check for error, and this is rather rare condition */
+		php_error_docref(NULL TSRMLS_CC, E_ERROR, "String overflow, max length is %d", INT_MAX);
+	}
+
 	*to = 0;
 	if (new_length) {
 		*new_length = to - start;
-- 
2.40.0