commit 98ddf8502ef79a5e29b6c0fc81fd145353f48955
Author: Stanislav Malyshev <stas@php.net>
Date:   Sun Sep 28 14:19:31 2014 -0700

    Fixed bug #68044: Integer overflow in unserialize() (32-bits only)

Index: php5-5.3.3/ext/standard/tests/serialize/bug68044.phpt
===================================================================
--- /dev/null	1970-01-01 00:00:00.000000000 +0000
+++ php5-5.3.3/ext/standard/tests/serialize/bug68044.phpt	2014-11-23 15:25:35.000000000 +0100
@@ -0,0 +1,12 @@
+--TEST--
+Bug #68044 Integer overflow in unserialize() (32-bits only)
+--FILE--
+<?php
+	echo unserialize('C:3:"XYZ":18446744075857035259:{}');
+?>
+===DONE==
+--EXPECTF--
+Warning: Insufficient data for unserializing - %d required, 1 present in %s/bug68044.php on line 2
+
+Notice: unserialize(): Error at offset 32 of 33 bytes in %s/bug68044.php on line 2
+===DONE==
Index: php5-5.3.3/ext/standard/var_unserializer.c
===================================================================
--- php5-5.3.3.orig/ext/standard/var_unserializer.c	2014-11-23 15:25:35.000000000 +0100
+++ php5-5.3.3/ext/standard/var_unserializer.c	2014-11-23 15:27:03.000000000 +0100
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.13.5 on Fri Jun 25 15:36:31 2010 */
+/* Generated by re2c 0.13.5 */
 /*
   +----------------------------------------------------------------------+
   | PHP Version 5                                                        |
@@ -326,7 +326,7 @@
 
 	(*p) += 2;
 
-	if (datalen < 0 || (*p) + datalen >= max) {
+	if (datalen < 0 || (max - (*p)) <= datalen) {
 		zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
 		return 0;
 	}
Index: php5-5.3.3/ext/standard/var_unserializer.re
===================================================================
--- php5-5.3.3.orig/ext/standard/var_unserializer.re	2014-11-23 15:25:35.000000000 +0100
+++ php5-5.3.3/ext/standard/var_unserializer.re	2014-11-23 15:25:35.000000000 +0100
@@ -332,7 +332,7 @@
 
 	(*p) += 2;
 
-	if (datalen < 0 || (*p) + datalen >= max) {
+	if (datalen < 0 || (max - (*p)) <= datalen) {
 		zend_error(E_WARNING, "Insufficient data for unserializing - %ld required, %ld present", datalen, (long)(max - (*p)));
 		return 0;
 	}