Merge branch 'PHP-8.4'

devnexen · devnexen · commit abf6f8be715a · 2025-04-05T15:57:59.000+01:00
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
@@ -3363,6 +3363,17 @@ static void php_imagettftext_common(INTERNAL_FUNCTION_PARAMETERS, int mode)
 		im = php_gd_libgdimageptr_from_zval_p(IM);
 	}
 
+	// FT_F26Dot6 is a signed long alias
+	if (ptsize < (double)LONG_MIN / 64 || ptsize > (double)LONG_MAX / 64) {
+		zend_argument_value_error(2, "must be between " ZEND_LONG_FMT " and " ZEND_LONG_FMT, (zend_long)((double)LONG_MIN / 64), (zend_long)((double)LONG_MAX / 64));
+		RETURN_THROWS();
+	}
+
+	if (UNEXPECTED(!zend_finite(ptsize))) {
+		zend_argument_value_error(2, "must be finite");
+		RETURN_THROWS();
+	}
+
 	/* convert angle to radians */
 	angle = angle * (M_PI/180);
 
diff --git a/ext/gd/tests/gh18243.phpt b/ext/gd/tests/gh18243.phpt
@@ -0,0 +1,42 @@
+--TEST--
+GH-18243: imagefttext underflow/overflow on $size
+--EXTENSIONS--
+gd
+--SKIPIF--
+<?php
+if(!function_exists('imagettftext')) die('skip imagettftext() not available');
+?>
+--FILE--
+<?php
+$font = __DIR__.'/Rochester-Regular.otf';
+$im = imagecreatetruecolor(100, 80);
+
+try {
+	imagettftext($im, PHP_INT_MAX, 0, 15, 60, 0, $font, "");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	imagettftext($im, PHP_INT_MIN, 0, 15, 60, 0, $font, "");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	imagettftext($im, NAN, 0, 15, 60, 0, $font, "");
+} catch (\ValueError $e) {
+	echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+	imagettftext($im, INF, 0, 15, 60, 0, $font, "");
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECTF--
+imagettftext(): Argument #2 ($size) must be between %i and %d
+imagettftext(): Argument #2 ($size) must be between %i and %d
+imagettftext(): Argument #2 ($size) must be finite
+imagettftext(): Argument #2 ($size) must be between %i and %d
