Fix #74544: Integer overflow in mysqli_real_escape_string()

The patch has been provided by @johannes. Closes GH-7353.
2025-08-15 21:48:51 +02:00 · 2021-08-09 12:48:21 +02:00 · 2021-08-09 12:48:21 +02:00 · 5977610de1
commit 5977610de1
parent 6724d5d4c2
2 changed files with 5 additions and 1 deletions
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@ -1971,7 +1971,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
 	}
 	MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);

-	newstr = zend_string_alloc(2 * escapestr_len, 0);
+	newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0);
 	ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
 	newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);