Fix #81740: PDO::quote() may return unquoted string

`sqlite3_snprintf()` expects its first parameter to be `int`; we need
to avoid overflow.

Author: cmb69

ext/pdo_sqlite/sqlite_driver.c

@@ -226,6 +226,9 @@ static zend_string *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const zend_string
 /* NB: doesn't handle binary strings... use prepared stmts for that */
 static zend_string* sqlite_handle_quoter(pdo_dbh_t *dbh, const zend_string *unquoted, enum pdo_param_type paramtype)
 {
+	if (unquotedlen > (INT_MAX - 3) / 2) {
+		return 0;
+	}
 	char *quoted = safe_emalloc(2, ZSTR_LEN(unquoted), 3);
 	/* TODO use %Q format? */
 	sqlite3_snprintf(2*ZSTR_LEN(unquoted) + 3, quoted, "'%q'", ZSTR_VAL(unquoted));

ext/pdo_sqlite/tests/bug81740.phpt

@@ -0,0 +1,17 @@
+--TEST--
+Bug #81740 (PDO::quote() may return unquoted string)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+memory_limit=-1
+--FILE--
+<?php
+$pdo = new PDO("sqlite::memory:");
+$string = str_repeat("a", 0x80000000);
+var_dump($pdo->quote($string));
+?>
+--EXPECT--
+bool(false)