From 2e7df9e4238f2aff421eb09d841381675d073a24 Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Sat, 19 Apr 2025 16:27:14 +0100 Subject: [PATCH] ext/gd: imagefilter* using overflow checks. (#18283) Accept up to UINT_MAX * sizeof(int) colors. --- ext/gd/gd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/gd/gd.c b/ext/gd/gd.c index 9017d58bd75..c993860f3b4 100644 --- a/ext/gd/gd.c +++ b/ext/gd/gd.c @@ -3599,7 +3599,7 @@ static void php_image_filter_scatter(INTERNAL_FUNCTION_PARAMETERS) RETURN_BOOL(gdImageScatter(im, (int)scatter_sub, (int)scatter_plus)); } - colors = emalloc(num_colors * sizeof(int)); + colors = safe_emalloc(num_colors, sizeof(int), 0); ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(hash_colors), color) { *(colors + i++) = (int) zval_get_long(color);