File php-CVE-2016-7133.patch of Package php7.7220
From c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 14 Aug 2016 19:07:15 -0700
Subject: [PATCH] Fix bug #72742 - memory allocator fails to realloc small
block to large one
---
Zend/zend_alloc.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/Zend/zend_alloc.c b/Zend/zend_alloc.c
index 1876559..a79d67b4 100644
--- a/Zend/zend_alloc.c
+++ b/Zend/zend_alloc.c
@@ -1548,21 +1548,21 @@ static void *zend_mm_realloc_heap(zend_mm_heap *heap, void *ptr, size_t size, si
ZEND_MM_CHECK(chunk->heap == heap, "zend_mm_heap corrupted");
if (info & ZEND_MM_IS_SRUN) {
- int old_bin_num, bin_num;
-
- old_bin_num = ZEND_MM_SRUN_BIN_NUM(info);
+ int old_bin_num = ZEND_MM_SRUN_BIN_NUM(info);
old_size = bin_data_size[old_bin_num];
- bin_num = ZEND_MM_SMALL_SIZE_TO_BIN(size);
- if (old_bin_num == bin_num) {
+ if (size <= ZEND_MM_MAX_SMALL_SIZE) {
+ int bin_num = ZEND_MM_SMALL_SIZE_TO_BIN(size);
+ if (old_bin_num == bin_num) {
#if ZEND_DEBUG
- dbg = zend_mm_get_debug_info(heap, ptr);
- dbg->size = real_size;
- dbg->filename = __zend_filename;
- dbg->orig_filename = __zend_orig_filename;
- dbg->lineno = __zend_lineno;
- dbg->orig_lineno = __zend_orig_lineno;
+ dbg = zend_mm_get_debug_info(heap, ptr);
+ dbg->size = real_size;
+ dbg->filename = __zend_filename;
+ dbg->orig_filename = __zend_orig_filename;
+ dbg->lineno = __zend_lineno;
+ dbg->orig_lineno = __zend_orig_lineno;
#endif
- return ptr;
+ return ptr;
+ }
}
} else /* if (info & ZEND_MM_IS_LARGE_RUN) */ {
ZEND_MM_CHECK(ZEND_MM_ALIGNED_OFFSET(page_offset, ZEND_MM_PAGE_SIZE) == 0, "zend_mm_heap corrupted");
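Review bot: The new `if (size <= ZEND_MM_MAX_SMALL_SIZE)` guard in the `ZEND_MM_IS_SRUN` branch has no comment explaining why it must come before `ZEND_MM_SMALL_SIZE_TO_BIN(size)`, and that ordering is the whole fix. Judging by the removed lines and the subject, the bin was previously computed for any requested size, so a request above the small-size limit could presumably compare equal to `old_bin_num` and return `ptr` unchanged while the caller expects `size` usable bytes. I would add above the guard: `/* SMALL_SIZE_TO_BIN is only valid for size <= ZEND_MM_MAX_SMALL_SIZE; larger requests must not take the in-place path */`. The diffstat lists only Zend/zend_alloc.c, so a regression test that grows a small-run block past the small-size limit and checks that the contents survive would keep the guard from being refactored away later. zend_mm_realloc_heap begins and ends outside this hunk.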