From 092571c1cbe82b28b84d1b69f474e6eb55c9a258 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Sun, 11 Aug 2019 15:00:23 +0200
Subject: [PATCH] Extend color component range checks

We also check for alpha components to be within range, and we add yet missing range checks for other functions as well.
---
 ext/gd/gd.c | 53 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 45 insertions(+), 8 deletions(-)

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index fd4a8401c3..54f6b77678 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1836,8 +1836,8 @@ PHP_FUNCTION(imagelayereffect)
 }
 /* }}} */
 
-#define CHECK_RGB_RANGE(component, name) \
- if (component < 0 || component > 255) { \
+#define CHECK_RGBA_RANGE(component, name) \
+ if (component < 0 || component > gd##name##Max) { \
 php_error_docref(NULL, E_WARNING, #name " component is out of range"); \
 RETURN_FALSE; \
 }
@@ -1859,9 +1859,10 @@ PHP_FUNCTION(imagecolorallocatealpha)
 RETURN_FALSE;
 }
 
- CHECK_RGB_RANGE(red, Red);
- CHECK_RGB_RANGE(green, Green);
- CHECK_RGB_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(alpha, Alpha);
 
 ct = gdImageColorAllocateAlpha(im, red, green, blue, alpha);
 if (ct < 0) {
@@ -1887,6 +1888,11 @@ PHP_FUNCTION(imagecolorresolvealpha)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(alpha, Alpha);
+
 RETURN_LONG(gdImageColorResolveAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
@@ -1907,6 +1913,11 @@ PHP_FUNCTION(imagecolorclosestalpha)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(alpha, Alpha);
+
 RETURN_LONG(gdImageColorClosestAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
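Review bot: CHECK_RGBA_RANGE in the first hunk expands to a bare `if` block and uses `component` unparenthesized, so a call placed in an unbraced `if`/`else`, or given an expression argument, would parse differently from how it reads. Every call site visible in this patch is a standalone statement on a plain variable, so nothing misbehaves today; the do/while form below only makes the macro safe to reuse. A one-line comment is also worth adding now that `name` does double duty: it is pasted into `gd##name##Max`, so it must be exactly Red, Green, Blue or Alpha, and the alpha bound comes from libgd's gdAlphaMax rather than 255.
```c
/* name is used for the warning text and to select the libgd bound gd<name>Max */
#define CHECK_RGBA_RANGE(component, name) \
	do { \
		if ((component) < 0 || (component) > gd##name##Max) { \
			php_error_docref(NULL, E_WARNING, #name " component is out of range"); \
			RETURN_FALSE; \
		} \
	} while (0)
```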
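Review bot: The new early `RETURN_FALSE` path in imagecolorresolvealpha arrives without a test, since the diffstat lists only ext/gd/gd.c. The same holds for the identical checks added to imagecolorclosestalpha, imagecolorexactalpha, imagecolorclosest, imagecolorclosesthwb, imagecolorresolve, imagecolorexact and imagecolorset. A test that feeds each function -1 and 256 for a colour component and 128 for alpha, expecting the warning and `false`, while 0, 255 and alpha 127 still succeed, would pin the boundaries. These functions otherwise return an integer via `RETURN_LONG`, so a script that compares the result only against -1 will presumably carry `false` on as index 0; the changed failure mode deserves a line in each function's header comment, which lies outside these hunks.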
@@ -1927,6 +1938,11 @@ PHP_FUNCTION(imagecolorexactalpha)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(alpha, Alpha);
+
 RETURN_LONG(gdImageColorExactAlpha(im, red, green, blue, alpha));
 }
 /* }}} */
@@ -2868,9 +2884,9 @@ PHP_FUNCTION(imagecolorallocate)
 RETURN_FALSE;
 }
 
- CHECK_RGB_RANGE(red, Red);
- CHECK_RGB_RANGE(green, Green);
- CHECK_RGB_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
 
 ct = gdImageColorAllocate(im, red, green, blue);
 if (ct < 0) {
@@ -2955,6 +2971,10 @@ PHP_FUNCTION(imagecolorclosest)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+
 RETURN_LONG(gdImageColorClosest(im, red, green, blue));
 }
 /* }}} */
@@ -2975,6 +2995,10 @@ PHP_FUNCTION(imagecolorclosesthwb)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+
 RETURN_LONG(gdImageColorClosestHWB(im, red, green, blue));
 }
 /* }}} */
@@ -3029,6 +3053,10 @@ PHP_FUNCTION(imagecolorresolve)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+
 RETURN_LONG(gdImageColorResolve(im, red, green, blue));
 }
 /* }}} */
@@ -3049,6 +3077,10 @@ PHP_FUNCTION(imagecolorexact)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+
 RETURN_LONG(gdImageColorExact(im, red, green, blue));
 }
 /* }}} */
@@ -3070,6 +3102,11 @@ PHP_FUNCTION(imagecolorset)
 RETURN_FALSE;
 }
 
+ CHECK_RGBA_RANGE(red, Red);
+ CHECK_RGBA_RANGE(green, Green);
+ CHECK_RGBA_RANGE(blue, Blue);
+ CHECK_RGBA_RANGE(alpha, Alpha);
+
 col = color;
 
 if (col >= 0 && col < gdImageColorsTotal(im)) {
-- 
2.40.0
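Review bot: In the imagecolorset hunk the palette index is still bounds-tested only after `col = color;`, so the new component checks leave the index itself unvalidated at full width. If `color` is a zend_long and `col` an int (the declarations are outside the hunk), a value above INT_MAX can truncate to an in-range index and the call would modify an unintended palette entry instead of being rejected. Testing the wide value before the assignment, e.g. `if (color < 0 || color >= gdImageColorsTotal(im)) { RETURN_FALSE; }`, would close that gap. The body of the `if` that follows continues past the end of the hunk.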