From 498eb8e0529fbe1dd8a91ae3ee8592eda868d3aa Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Tue, 23 Mar 2021 16:13:57 +0100
Subject: Fix #73533: Invalid memory access in php_libxml_xmlCheckUTF8

A string passed to `php_libxml_xmlCheckUTF8()` may be longer than
1<<31-1 bytes, so we're better using a `size_t`.

Closes GH-6802.
---
 NEWS                | 3 +++
 ext/libxml/libxml.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index eef3b0302c..170883ec5d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ PHP                                                                        NEWS
   . Fixed bug #80024 (Duplication of info about inherited socket after pool
     removing). (Jakub Zelenka)
 
+- LibXML:
+  . Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
+
 - PDO_ODBC:
   . Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
     (cmb)
diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
index e21d6fdbbe..fc194770e1 100644
--- a/ext/libxml/libxml.c
+++ b/ext/libxml/libxml.c
@@ -1182,7 +1182,7 @@ static PHP_FUNCTION(libxml_set_external_entity_loader)
 /* {{{ Common functions shared by extensions */
 int php_libxml_xmlCheckUTF8(const unsigned char *s)
 {
-	int i;
+	size_t i;
 	unsigned char c;
 
 	for (i = 0; (c = s[i++]);) {
-- 
cgit v1.2.1