Merge branch 'PHP-7.4'

* PHP-7.4:
  Fix recovery of large entities in mb_decode_numericentity()

Author: nikic

ext/mbstring/libmbfl/mbfl/mbfilter.c

@@ -2508,12 +2508,10 @@ collector_decode_htmlnumericentity(int c, void *data)
 			(*pc->decoder->filter_function)(0x23, pc->decoder);		/* '#' */
 			r = 1;
 			n = pc->digit;
-			while (n > 0) {
+			while (n > 1) {
 				r *= 10;
 				n--;
 			}
-			s %= r;
-			r /= 10;
 			while (r > 0) {
 				d = s/r;
 				s %= r;
@@ -2686,12 +2684,10 @@ int mbfl_filt_decode_htmlnumericentity_flush(mbfl_convert_filter *filter)
 			s = pc->cache;
 			r = 1;
 			n = pc->digit;
-			while (n > 0) {
+			while (n > 1) {
 				r *= 10;
 				n--;
 			}
-			s %= r;
-			r /= 10;
 			while (r > 0) {
 				d = s/r;
 				s %= r;

ext/mbstring/tests/mb_decode_numericentity.phpt

@@ -15,6 +15,10 @@ echo mb_decode_numericentity($str1, $convmap, "UTF-8")."\n";
 echo mb_decode_numericentity($str2, $convmap, "UTF-8")."\n";
 echo mb_decode_numericentity($str3, $convmap, "UTF-8")."\n";
 
+echo mb_decode_numericentity('&#1000000000', $convmap), "\n";
+echo mb_decode_numericentity('&#10000000000', $convmap), "\n";
+echo mb_decode_numericentity('&#100000000000', $convmap), "\n";
+
 $convmap = [];
 echo mb_decode_numericentity('föo', $convmap, "UTF-8")."\n";
 
@@ -24,10 +28,14 @@ try {
 } catch (ValueError $ex) {
     echo $ex->getMessage()."\n";
 }
+
 ?>
 --EXPECT--
 ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
 ƒΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟΠΡΣΤΥΦΧΨΩαβγδεζηθικλμνξοπρςστυφχψωϑϒϖ•…′″‾⁄℘ℑℜ™ℵ←↑→↓↔↵⇐⇑⇒⇓⇔∀∂∃∅∇∈∉∋∏∑−∗√∝∞∠∧∨∩∪∫∴∼≅≈≠≡≤≥⊂⊃⊄⊆⊇⊕⊗⊥⋅⌈⌉⌊⌋〈〉◊♠♣♥♦
 aŒbœcŠdše€fg
+&#1000000000
+&#10000000000
+&#100000000000
 föo
 count($convmap) must be a multiple of 4