ext/soap: Fix integer overflow when decoding SOAP array indexes

[LamentXU123]

SOAP encoded array metadata such as arrayType, offset, and position is parsed into int indexes before being used for array placement. That is, this code:

<?php
class C extends SoapClient {
    function __doRequest($r, $l, $a, $v, $o = false, ?string $u = null): string {
        return <<<'XML'
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema"
 SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
 <SOAP-ENV:Body>
  <x:testResponse xmlns:x="x">
   <return SOAP-ENC:arrayType="xsd:string[1]" SOAP-ENC:offset="[2147483648]" xsi:type="SOAP-ENC:Array">
    <item xsi:type="xsd:string">x</item>
   </return>
  </x:testResponse>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
XML;
    }
}

$c = new C(null, ['location' => 'x', 'uri' => 'x']);
var_dump($c->test());

Will resulted in:

array(1) {
  [-2147483648]=>
  string(1) "x"
}

Because the index overflows.

There is a TODO message to fix this. So I think people are aware of this bug before

I therefore wrote this to add checked decimal accumulation for SOAP array indexes and reject values that exceed int range. I Also reject auto-increment past INT_MAX before updating the next array position :)

[LamentXU123]

Plus: Had to fix the bailout logic....

Now in the client side, if I raise a error when overflow is detected, the code will go to master_to_eval() and without xmlFreeDoc(response) and cause a memory leak. So in case of that I just had to add some logic to the bailout process to make sure xmldoc is free, although I hate it (；′⌒`)

[devnexen]

kind of empty now