authorStanislav Malyshev <stas@php.net>2018-04-23 13:44:19 -0700
committerStanislav Malyshev <stas@php.net>2018-04-23 13:44:19 -0700
commit58b00039759bea3af3a056c234eb476b2cc9b949 (patch)
tree611ba3c6cb69a2654c2837af4ad2d7b1ddbc861a
parenta4c55eefd02cc53c5f4bb27732d2ce6cca57b740 (diff)
parent8dca5ae5ece54dde2e303df26fe291282a342798 (diff)
downloadphp-git-58b00039759bea3af3a056c234eb476b2cc9b949.tar.gz
Merge remote-tracking branch 'security/bug76249' into PHP-5.6
* security/bug76249: Fix test Fix bug #76249 - fail on invalid sequences
-rw-r--r--ext/iconv/iconv.c3
-rw-r--r--ext/iconv/tests/bug76249.phpt18
2 files changed, 21 insertions, 0 deletions
diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c
index 69dd8c1cf7..fca5331541 100644
--- a/ext/iconv/iconv.c
+++ b/ext/iconv/iconv.c
@@ -2672,6 +2672,9 @@ static int php_iconv_stream_filter_append_bucket(
tcnt = 0;
break;
}
+ } else {
+ php_error_docref(NULL, E_WARNING, "iconv stream filter (\"%s\"=>\"%s\"): invalid multibyte sequence", self->from_charset, self->to_charset);
+ goto out_failure;
}
break;
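Review bot: The added `php_error_docref(NULL, E_WARNING, ...)` call in the new `else` branch passes a bare `NULL` first argument, but this merge targets PHP-5.6, where that function normally receives the thread-safety context through the `TSRMLS_CC` macro. The other calls in `php_iconv_stream_filter_append_bucket` are outside this hunk, so confirm they use `NULL TSRMLS_CC`; if they do, a ZTS build would likely see the arguments shifted by one slot, which would put a charset name in the format position. The first argument should then read `NULL TSRMLS_CC`, with the rest of the call unchanged. A one-line comment naming the condition this `else` closes would also help, because the matching `if` starts above the hunk.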
diff --git a/ext/iconv/tests/bug76249.phpt b/ext/iconv/tests/bug76249.phpt
new file mode 100644
index 0000000000..1503f0bc81
--- /dev/null
+++ b/ext/iconv/tests/bug76249.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$fh = fopen('php://memory', 'rw');
+fwrite($fh, "abc");
+rewind($fh);
+stream_filter_append($fh, 'convert.iconv.ucs-2/utf8//IGNORE', STREAM_FILTER_READ, []);
+$a = stream_get_contents($fh);
+var_dump(strlen($a));
+?>
+DONE
+--EXPECTF--
+Warning: stream_get_contents(): iconv stream filter ("ucs-2"=>"utf8//IGNORE"): invalid multibyte sequence in %sbug76249.php on line %d
+int(3)
+DONE
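Review bot: The expected `int(3)` equals the byte length of the input `"abc"`, so the assertion cannot tell converted output apart from bytes passed through untouched, nor show what happened to the dangling third byte. An input whose converted length differs from its raw length, for example `fwrite($fh, "abcde");` with the expectation updated to match, would pin the behaviour more tightly. The test also exercises only the read side with `//IGNORE` set. A second case without that suffix would show that the failure path does not depend on the flag. A comment such as `// odd trailing byte = incomplete UCS-2 unit; the filter must warn and stop, not spin` above the `fwrite` would tell a reader what the fixture triggers.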