Fix #74544: Integer overflow in mysqli_real_escape_string()

The patch has been provided by @johannes.

Closes phpGH-7353.

Author: cmb69

Diff for: NEWS

@@ -18,6 +18,10 @@ PHP                                                                        NEWS
 - GD:
   . Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
 
+- MySQLi:
+  . Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
+    johannes)
+
 - OpenSSL:
   . Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)
 

Diff for: ext/mysqli/mysqli_api.c

@@ -1971,7 +1971,7 @@ PHP_FUNCTION(mysqli_real_escape_string) {
 	}
 	MYSQLI_FETCH_RESOURCE_CONN(mysql, mysql_link, MYSQLI_STATUS_VALID);
 
-	newstr = zend_string_alloc(2 * escapestr_len, 0);
+	newstr = zend_string_safe_alloc(2, escapestr_len, 0, 0);
 	ZSTR_LEN(newstr) = mysql_real_escape_string_quote(mysql->mysql, ZSTR_VAL(newstr), escapestr, escapestr_len, '\'');
 	newstr = zend_string_truncate(newstr, ZSTR_LEN(newstr), 0);