https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2688 http://git.php.net/?p=php-src.git;a=commitdiff;h=fc74503792b1ee92e4b813690890f3ed38fa3ad5
--- php-5.3.3/main/streams/streams.c.cve2688 2012-10-16 13:41:35.000000000 +0200
+++ php-5.3.3/main/streams/streams.c 2012-10-16 13:49:11.548079279 +0200
@@ -2160,6 +2160,11 @@
 if (vector_size == 0) {
 vector_size = 10;
 } else {
+ if (vector_size*2 < vector_size) {
+ /* overflow */
+ efree(vector);
+ return FAILURE;
+ }
 vector_size *= 2;
 }
 vector = (char **) erealloc(vector, vector_size * sizeof(char *));
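Review bot: The `erealloc` call on the last line of the hunk still multiplies `vector_size * sizeof(char *)` unchecked, so the added guard covers only the doubling and not the byte count passed to the allocator. The declaration of `vector_size` is outside the hunk; if it is a 32-bit unsigned and `size_t` is also 32 bits, that product can wrap before `vector_size*2` does, which would leave an undersized allocation. Letting the allocator do the checked multiply closes the gap: `vector = (char **) safe_erealloc(vector, vector_size, sizeof(char *), 0);`. Separately, the new failure path releases only the pointer array with `efree(vector)`; the enclosing function starts and ends outside the hunk, but if the entries are individually allocated or a directory stream is open at this point, they would need releasing before `return FAILURE;`.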