PHP bug #77479

.patch

From 2afa2e3882c7ebd7d5da03f519a6c0df4feea299 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Thu, 17 Jan 2019 14:11:57 +0100
Subject: [PATCH] Fix #77479: imagewbmp() segfaults with very large images

We must not proceed working with the Wbmp structure, if it hasn't been
allocated.
---
 ext/gd/libgd/gd_wbmp.c     |  1 +
 ext/gd/tests/bug77479.phpt | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 ext/gd/tests/bug77479.phpt

diff --git a/ext/gd/libgd/gd_wbmp.c b/ext/gd/libgd/gd_wbmp.c
index b81eed80e7..48e74af454 100644
--- a/ext/gd/libgd/gd_wbmp.c
+++ b/ext/gd/libgd/gd_wbmp.c
@@ -99,6 +99,7 @@ void gdImageWBMPCtx (gdImagePtr image, int fg, gdIOCtx * out)
 	/* create the WBMP */
 	if ((wbmp = createwbmp (gdImageSX (image), gdImageSY (image), WBMP_WHITE)) == NULL) {
 		php_gd_error("Could not create WBMP");
+		return;
 	}
 
 	/* fill up the WBMP structure */
diff --git a/ext/gd/tests/bug77479.phpt b/ext/gd/tests/bug77479.phpt
new file mode 100644
index 0000000000..9441e38d3e
--- /dev/null
+++ b/ext/gd/tests/bug77479.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Bug #77479 (imagewbmp() segfaults with very large image)
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+memory_limit=-1
+--FILE--
+<?php
+$im = imagecreate(40000, 20000);
+imagecolorallocate($im, 0, 0, 0);
+imagewbmp($im, __DIR__ . '/77479.wbmp');
+?>
+===DONE===
+--EXPECTF--
+Warning: imagewbmp(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
+ in %s on line %d
+
+Warning: imagewbmp(): Could not create WBMP in %s on line %d
+===DONE===
+--CLEAN--
+<?php
+@unlink(__DIR__ . '/77479.wbmp');
+?>
-- 
2.17.0.windows.1