Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8PHP-7.4

A string passed to `php_libxml_xmlCheckUTF8()` may be longer than 1<<31-1 bytes, so we're better using a `size_t`. Closes GH-6802.
author: Christoph M. Becker <cmbecker69@gmx.de> 2021-03-23 16:13:57 +0100
committer: Christoph M. Becker <cmbecker69@gmx.de> 2021-03-24 11:50:50 +0100
commit: 498eb8e0529fbe1dd8a91ae3ee8592eda868d3aa (patch)
tree: 050d414944aa16b0ab3a7b316512d51446a4e4a4
parent: 688e56d0ac6446dcdac2621c26586eb2de92f9b0 (diff)
download: php-git-PHP-7.4.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index eef3b0302c..170883ec5d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
   . Fixed bug #80024 (Duplication of info about inherited socket after pool
     removing). (Jakub Zelenka)
 
+- LibXML:
+  . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
+
 - PDO_ODBC:
   . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
     (cmb)
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index e21d6fdbbe..fc194770e1 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -1182,7 +1182,7 @@ static PHP_FUNCTION(libxml_set_external_entity_loader)
 /* {{{ Common functions shared by extensions */
 int php_libxml_xmlCheckUTF8(const unsigned char *s)
 {
-	int i;
+	size_t i;
 	unsigned char c;
 
 	for (i = 0; (c = s[i++]);) {
author	Christoph M. Becker <cmbecker69@gmx.de>	2021-03-23 16:13:57 +0100
committer	Christoph M. Becker <cmbecker69@gmx.de>	2021-03-24 11:50:50 +0100
commit	498eb8e0529fbe1dd8a91ae3ee8592eda868d3aa (patch)
tree	050d414944aa16b0ab3a7b316512d51446a4e4a4
parent	688e56d0ac6446dcdac2621c26586eb2de92f9b0 (diff)
download	php-git-PHP-7.4.tar.gz