Merge branch 'PHP-8.4' into PHP-8.5

* PHP-8.4:
  Fix GH-20622: imagestring/imagestringup overflow/underflow.

ext/gd/gd.c

@@ -2976,7 +2976,8 @@ static void php_imagechar(INTERNAL_FUNCTION_PARAMETERS, int mode)
 	zend_long X, Y, COL;
 	zend_string *C;
 	gdImagePtr im;
-	int ch = 0, col, x, y, i;
+	int ch = 0, col, i, l = 0;
+	unsigned int x, y;
 	size_t l = 0;
 	unsigned char *str = NULL;
 	zend_object *font_obj = NULL;
@@ -3009,21 +3010,21 @@ static void php_imagechar(INTERNAL_FUNCTION_PARAMETERS, int mode)
 
 	switch (mode) {
 		case 0:
-			gdImageChar(im, font, x, y, ch, col);
+			gdImageChar(im, font, (int)x, (int)y, ch, col);
 			break;
 		case 1:
 			php_gdimagecharup(im, font, x, y, ch, col);
 			break;
 		case 2:
 			for (i = 0; (i < l); i++) {
-				gdImageChar(im, font, x, y, (int) ((unsigned char) str[i]), col);
+				gdImageChar(im, font, (int)x, (int)y, (int) ((unsigned char) str[i]), col);
 				x += font->w;
 			}
 			break;
 		case 3: {
 			for (i = 0; (i < l); i++) {
 				/* php_gdimagecharup(im, font, x, y, (int) str[i], col); */
-				gdImageCharUp(im, font, x, y, (int) str[i], col);
+				gdImageCharUp(im, font, (int)x, (int)y, (int) str[i], col);
 				y -= font->w;
 			}
 			break;

ext/gd/tests/gh20622.phpt

@@ -0,0 +1,13 @@
+--TEST--
+GH-20622 (imagestring/imagestringup overflow/underflow)
+--EXTENSIONS--
+gd
+--FILE--
+<?php
+$im = imagecreate(64, 64);
+imagestringup($im, 5, 0, -2147483648, 'STRINGUP', 0);
+imagestring($im, 5, -2147483648, 0, 'STRING', 0);
+echo "OK";
+?>
+--EXPECT--
+OK