Index: ext/standard/string.c
===================================================================
RCS file: /repository/php-src/ext/standard/string.c,v
retrieving revision 1.445.2.14.2.57
diff -u -p -d -r1.445.2.14.2.57 string.c
--- ext/standard/string.c 24 May 2007 21:29:27 -0000 1.445.2.14.2.57
+++ ext/standard/string.c 29 May 2007 10:32:05 -0000
@@ -46,6 +46,7 @@
 #include "scanf.h"
 #include "zend_API.h"
 #include "zend_execute.h"
+#include "zend_multiply.h"
 #include "php_globals.h"
 #include "basic_functions.h"
 #include "php_smart_str.h"
@@ -1956,8 +1957,26 @@ static char *php_chunk_split(char *src,
 char *p, *q;
 int chunks; /* complete chunks! */
 int restlen;
+ int overflow;
+ double dval = 0.0;
+ long l1, l2;
 chunks = srclen / chunklen;
+
+ l1 = chunks;
+ l2 = chunklen;
+ ZEND_SIGNED_MULTIPLY_LONG(l1,l2,l1,dval,overflow);
+ if (overflow) {
+ return NULL;
+ }
+
+ l1 = chunks + 1;
+ l2 = endlen;
+ ZEND_SIGNED_MULTIPLY_LONG(l1,l2,l1,dval,overflow);
+ if (overflow) {
+ return NULL;
+ }
+
 restlen = srclen - chunks * chunklen; /* srclen % chunklen */
 dest = safe_emalloc((srclen + (chunks + 1) * endlen + 1), sizeof(char), 0);
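Review bot: The two overflow checks in the php_chunk_split hunk run at `long` width, but the size handed to `safe_emalloc` is still computed as `srclen + (chunks + 1) * endlen + 1` in what appears to be `int` arithmetic (`chunks` is declared `int`; the parameter types are outside the hunk). Where `long` is wider than `int`, the second check cannot trip for int-ranged operands, so the allocation size can still wrap and leave `dest` undersized for the copy that follows. The `srclen + … + 1` additions are not checked at any width, and the first check is redundant because `chunks * chunklen` never exceeds `srclen`. I would bound the whole expression against `INT_MAX` instead, e.g. `if (endlen > 0 && chunks >= (INT_MAX - srclen - 1) / endlen) return NULL;`, with a one-line comment stating that it guards the `safe_emalloc` size below. The function body continues past the hunk, so confirm that every caller handles the new `NULL` return.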