Merge branch 'PHP-5.6' into PHP-7.0

* PHP-5.6:
  Fix tsrm_ls
  Fix #76129 - remove more potential unfiltered outputs for phar
  Fix test
  Fix bug #76248 - Malicious LDAP-Server Response causes Crash
  Fix bug #76249 - fail on invalid sequences
  Fix #76130: Heap Buffer Overflow (READ: 1786) in exif_iif_add_value
  Fix bug #75981: prevent reading beyond buffer start

2 files changed, 21 insertions, 0 deletions

diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c
index 47aa983ab1..ea619aa227 100644
--- a/ext/iconv/iconv.c
+++ b/ext/iconv/iconv.c
@@ -2648,6 +2648,9 @@ static int php_iconv_stream_filter_append_bucket(
 								tcnt = 0;
 								break;
 							}
+						} else {
+						    php_error_docref(NULL, E_WARNING, "iconv stream filter (\"%s\"=>\"%s\"): invalid multibyte sequence", self->from_charset, self->to_charset);
+						    goto out_failure;
 						}
 						break;
 
diff --git a/ext/iconv/tests/bug76249.phpt b/ext/iconv/tests/bug76249.phpt
new file mode 100644
index 0000000000..1503f0bc81
--- /dev/null
+++ b/ext/iconv/tests/bug76249.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence)
+--SKIPIF--
+<?php extension_loaded('iconv') or die('skip iconv extension is not available'); ?>
+--FILE--
+<?php
+$fh = fopen('php://memory', 'rw');
+fwrite($fh, "abc");
+rewind($fh);
+stream_filter_append($fh, 'convert.iconv.ucs-2/utf8//IGNORE', STREAM_FILTER_READ, []);
+$a = stream_get_contents($fh);
+var_dump(strlen($a));
+?>
+DONE
+--EXPECTF--
+Warning: stream_get_contents(): iconv stream filter ("ucs-2"=>"utf8//IGNORE"): invalid multibyte sequence in %sbug76249.php on line %d
+int(3)
+DONE