Merge branch 'PHP-7.4' into PHP-8.0

* PHP-7.4:
  Fix #74544: Integer overflow in mysqli_real_escape_string()

Author: cmb69

NEWS

@@ -25,6 +25,10 @@ PHP                                                                        NEWS
 - GD:
   . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
 
+- MySQLi:
+  . Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
+    johannes)
+
 - Opcache:
   . Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
     (Dmitry)

ext/mysqli/mysqli_api.c

@@ -1894,7 +1894,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
 	}
 	MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
 
-	newstr = zend_string_alloc(2 * escapestr_len, 0);
+	newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0);
 	ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
 	newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);