/72541.diff Secret

## 72541.diff
commit 2ca8d85dd4ac6d5f8c046f339f9636e3099b0f08
Author: Stanislav Malyshev <stas@php.net>
Date:   Tue Jul 12 22:59:19 2016 -0700

    Fix bug #72541 - size_t overflow lead to heap corruption

diff --git a/ext/curl/interface.c b/ext/curl/interface.c
index 6a61641..7d085de 100644
--- a/ext/curl/interface.c
+++ b/ext/curl/interface.c
@@ -3595,6 +3595,10 @@ PHP_FUNCTION(curl_unescape)
 		RETURN_FALSE;
 	}

+	if (str_len > INT_MAX) {
+		RETURN_FALSE;
+	}
+
 	if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
 		RETVAL_STRINGL(out, out_len);
 		curl_free(out);
	commit 2ca8d85dd4ac6d5f8c046f339f9636e3099b0f08
	Author: Stanislav Malyshev <stas@php.net>
	Date: Tue Jul 12 22:59:19 2016 -0700

	Fix bug #72541 - size_t overflow lead to heap corruption

	diff --git a/ext/curl/interface.c b/ext/curl/interface.c
	index 6a61641..7d085de 100644
	--- a/ext/curl/interface.c
	+++ b/ext/curl/interface.c
	@@ -3595,6 +3595,10 @@ PHP_FUNCTION(curl_unescape)
	RETURN_FALSE;
	}

	+ if (str_len > INT_MAX) {
	+ RETURN_FALSE;
	+ }
	+
	if ((out = curl_easy_unescape(ch->cp, str, str_len, &out_len))) {
	RETVAL_STRINGL(out, out_len);
	curl_free(out);