File php-5.3.5-CVE-2011-0420.patch of Package php5.512

--- ext/intl/grapheme/grapheme_string.c	2010/12/19 04:10:49	306448
+++ ext/intl/grapheme/grapheme_string.c	2010/12/19 05:07:31	306449
@@ -799,7 +799,7 @@
 
 	if ( NULL != next ) {
 		if ( !PZVAL_IS_REF(next) ) {
-			intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR,
+			intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, 
 				 "grapheme_extract: 'next' was not passed by reference", 0 TSRMLS_CC );
 			 
 			RETURN_FALSE;
@@ -819,10 +819,16 @@
 	}
 
 	if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC );
+		RETURN_FALSE;
+	}
 
-		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC );
-
+	if ( size > INT32_MAX || size < 0) {
+		intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC );
 		RETURN_FALSE;
+	}
+	if (size == 0) {
+		RETURN_EMPTY_STRING();
 	}
 
 	/* we checked that it will fit: */