In this new post to the PHP Security blog, Stefan Esser points out that an issue that was previously marked as corrected - a problem with the chunk_split function - hasn't completely been corrected.
This [bugfix] fixes the chunk_split() overflow (found by SEC-CONSULT) that was according to the PHP 5.2.3 release notes already fixed. The original fix was however not only broken but complete nonsense. If you can read C you will see that the integer overflow was not fixed in PHP 5.2.3 but simply moved into a separate line and an additional bogus if clause was added.
Stefan includes a simple four line code example to illustrate his point.