php_url_prase_ex() read buffer exceeding its limits and segfaults.
PHP function parse_url() is not affected since PHP string is terminated by null char always.
Patch to fix this:
@@ -319,8 +320,9 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length)
nohost:
if ((p = memchr(s, '?', (ue - s)))) {
- pp = strchr(s, '#');
+ pp = memchr(s, '#', (ue - s));
if (pp && pp < p) {
if (pp - s) {