Merge branch 'PHP-7.0' into PHP-7.1

* PHP-7.0: (48 commits)
  Update NEWs
  Unused label
  Fixed bug #72853 (stream_set_blocking doesn't work)
  fix test
  Bug #72663 - part 3
  Bug #72663 - part 2
  Bug #72663 - part 1
  Update NEWS
  BLock test with memory leak
  fix tests
  Fix TSRM build
  Fix bug #72850 - integer overflow in uuencode
  Fixed bug #72849 - integer overflow in urlencode
  Fix bug #72848 - integer overflow in quoted_printable_encode caused heap corruption
  Fix bug #72838 - 	Integer overflow lead to heap corruption in sql_regcase
  Fix bug #72837 - integer overflow in bzdecompress caused heap corruption
  Fix bug #72836 - integer overflow in base64_decode caused heap corruption
  Fix for bug #72807 - do not produce strings with negative length
  Fix for bug #72790 and bug #72799
  Fix bug #72730 - imagegammacorrect allows arbitrary write access
  ...

Conflicts:
	ext/standard/var_unserializer.c

1 files changed, 6 insertions, 2 deletions

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index a20d60ca36..08846808fc 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3530,7 +3530,7 @@ PHP_FUNCTION(curl_reset)
 PHP_FUNCTION(curl_escape)
 {
 	char       *str = NULL, *res = NULL;
-	size_t        str_len = 0;
+	size_t     str_len = 0;
 	zval       *zid;
 	php_curl   *ch;
 
@@ -3542,6 +3542,10 @@ PHP_FUNCTION(curl_escape)
 		RETURN_FALSE;
 	}
 
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
+		RETURN_FALSE;
+	}
+
 	if ((res = curl_easy_escape(ch->cp, str, str_len))) {
 		RETVAL_STRING(res);
 		curl_free(res);
@@ -3569,7 +3573,7 @@ PHP_FUNCTION(curl_unescape)
 		RETURN_FALSE;
 	}
 
-	if (str_len > INT_MAX) {
+	if (ZEND_SIZE_T_INT_OVFL(str_len)) {
 		RETURN_FALSE;
 	}