ext/gd: iamgeresolution checks overflow. (#14585)

Author: devnexen

ext/gd/gd.c

@@ -4282,12 +4282,28 @@ PHP_FUNCTION(imageresolution)
 	im = php_gd_libgdimageptr_from_zval_p(IM);
 
 	if (!res_x_is_null && !res_y_is_null) {
+		if (res_x < 0 || ZEND_SIZE_T_UINT_OVFL(res_x)) {
+			zend_argument_value_error(2, "must be between 0 and %u", UINT_MAX);
+			RETURN_THROWS();
+		}
+		if (res_y < 0 || ZEND_SIZE_T_UINT_OVFL(res_y)) {
+			zend_argument_value_error(3, "must be between 0 and %u", UINT_MAX);
+			RETURN_THROWS();
+		}
 		gdImageSetResolution(im, res_x, res_y);
 		RETURN_TRUE;
 	} else if (!res_x_is_null && res_y_is_null) {
+		if (res_x < 0 || ZEND_SIZE_T_UINT_OVFL(res_x)) {
+			zend_argument_value_error(2, "must be between 0 and %u", UINT_MAX);
+			RETURN_THROWS();
+		}
 		gdImageSetResolution(im, res_x, res_x);
 		RETURN_TRUE;
 	} else if (res_x_is_null && !res_y_is_null) {
+		if (res_y < 0 || ZEND_SIZE_T_UINT_OVFL(res_y)) {
+			zend_argument_value_error(3, "must be between 0 and %u", UINT_MAX);
+			RETURN_THROWS();
+		}
 		gdImageSetResolution(im, res_y, res_y);
 		RETURN_TRUE;
 	}

ext/gd/tests/imageresolution_basic.phpt

@@ -0,0 +1,34 @@
+--TEST--
+Wrong image resolution
+--EXTENSIONS--
+gd
+--SKIPIF--
+<?php
+if (PHP_INT_SIZE != 8) die("skip on non 64 bits architectures");
+?>
+--FILE--
+<?php
+$filename = __DIR__ . DIRECTORY_SEPARATOR . 'imageresolution_png.png';
+
+$exp = imagecreate(100, 100);
+imagecolorallocate($exp, 255, 127, 64);
+
+$res = imageresolution($exp);
+
+try {
+	imageresolution($exp, PHP_INT_MAX);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	imageresolution($exp, 127, -PHP_INT_MAX);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+imageresolution($exp, 0, 0);
+var_dump(imageresolution($exp) == $res);
+?>
+--EXPECTF--
+imageresolution(): Argument #2 ($resolution_x) must be between 0 and %d
+imageresolution(): Argument #3 ($resolution_y) must be between 0 and %d
+bool(true)