diff --git a/NEWS b/NEWS
index 28341f26c94..cb513239722 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ PHP NEWS
 - GD:
 . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
+- MySQLi:
+ . Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
+ johannes)
+
 - OpenSSL:
 . Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 9896ab8eda2..8612a604328 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -1971,7 +1971,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
 }
 MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
- newstr = zend_string_alloc(2 * escapestr_len, 0);
+ newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0);
 ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
 newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);
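Review bot: The new `zend_string_safe_alloc(2, escapestr_len, 0, 0)` line in ext/mysqli/mysqli_api.c has no comment saying why the multiplication is guarded, so a later cleanup could fold it back into `zend_string_alloc(2 * escapestr_len, 0)`. I would add `/* 2 * escapestr_len can wrap size_t (bug #74544); safe_alloc fails with a fatal error instead of under-allocating the escape buffer */` above it. The next context line stores the return of `mysql_real_escape_string_quote()` straight into `ZSTR_LEN(newstr)` before `zend_string_truncate()`; the MySQL client API documents an error return of -1 for this call, so it is worth confirming that value cannot reach the truncate, or guarding it. No regression test for the overflow is visible in this diff, though one may exist outside the part shown. The function body starts and ends outside the hunk.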