From a6a13139db522e0c2f9eb26550a47c31b1edde13 Mon Sep 17 00:00:00 2001
From: Ben Ramsey
Date: Tue, 7 Jun 2022 09:59:17 -0500
Subject: [PATCH] Fix #76452: Crash while parsing blob data in firebird_fetch_blob

This reapplies 286162e9b03071c4308e7e92597bca4239f49d89 to the PHP-8.1 (and up) branches, fixing what might have been caused by a bad merge conflict resolution.
---
 ext/pdo_firebird/firebird_statement.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ext/pdo_firebird/firebird_statement.c b/ext/pdo_firebird/firebird_statement.c
index ad49147f0256f..d2b0a720b62fe 100644
--- a/ext/pdo_firebird/firebird_statement.c
+++ b/ext/pdo_firebird/firebird_statement.c
@@ -305,7 +305,15 @@ static int firebird_fetch_blob(pdo_stmt_t *stmt, int colno, zval *result, ISC_QU
 zend_ulong cur_len;
 unsigned short seg_len;
 ISC_STATUS stat;
- zend_string *str = zend_string_alloc(len, 0);
+ zend_string *str;
+
+ /* prevent overflow */
+ if (len > ZSTR_MAX_LEN) {
+ result = 0;
+ goto fetch_blob_end;
+ }
+
+ str = zend_string_alloc(len, 0);
 for (cur_len = stat = 0; (!stat || stat == isc_segment) && cur_len < len; cur_len += seg_len) {