From 1bd103df00f49cf4d4ade2cfe3f456ac058a4eae Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Wed, 10 Aug 2016 00:14:58 -0700
Subject: [PATCH] Fix bug #72730 - imagegammacorrect allows arbitrary write
 access

---
 ext/gd/gd.c                |  5 +++++
 ext/gd/tests/bug72730.phpt | 15 +++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 ext/gd/tests/bug72730.phpt

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 5c604b7a80a..0fb96041087 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3082,6 +3082,11 @@ PHP_FUNCTION(imagegammacorrect)
 		return;
 	}
 
+	if ( input <= 0.0 || output <= 0.0 ) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Gamma values should be positive");
+		RETURN_FALSE;
+	}
+
 	ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
 
 	if (gdImageTrueColor(im))	{
diff --git a/ext/gd/tests/bug72730.phpt b/ext/gd/tests/bug72730.phpt
new file mode 100644
index 00000000000..e7c13cb5e9d
--- /dev/null
+++ b/ext/gd/tests/bug72730.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #72730: imagegammacorrect allows arbitrary write access
+--SKIPIF--
+<?php 
+if (!function_exists("imagecreatetruecolor")) die("skip");
+?>
+--FILE--
+<?php
+$img =  imagecreatetruecolor(1, 1);
+imagegammacorrect($img, -1, 1337);
+?>
+DONE
+--EXPECTF--
+Warning: imagegammacorrect(): Gamma values should be positive in %sbug72730.php on line %d
+DONE
\ No newline at end of file