From: Pierre Joye <pajoye@php.net>
Date: Sat, 2 Jun 2007 15:41:02 +0000 (+0000)
Subject: - MFB: sx/sy must be > 0 and < INT_MAX
X-Git-Tag: BEFORE_IMPORT_OF_MYSQLND~558
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=893225c0aabd4503d2d4d8f6f92c44de0126d2ed;p=php

- MFB: sx/sy must be > 0 and < INT_MAX
---

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 0b1d29edec..11ba9d9388 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1560,7 +1560,7 @@ PHP_FUNCTION(imagecreatetruecolor)
 		return;
 	}
 
-	if (x_size <= 0 || y_size <= 0) {
+	if (x_size <= 0 || y_size <= 0 ||  x_size >= INT_MAX || y_size >= INT_MAX) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid image dimensions");
 		RETURN_FALSE;
 	}
@@ -2109,7 +2109,7 @@ PHP_FUNCTION(imagecreate)
 		return;
 	}
 
-	if (x_size <= 0 || y_size <= 0) {
+	if (x_size <= 0 || y_size <= 0 ||  x_size >= INT_MAX || y_size >= INT_MAX) {
 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid image dimensions");
 		RETURN_FALSE;
 	}