From b5e26a9e4fe6a19c584bee5a1b2c97fbdbdce028 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Tue, 8 Apr 2025 22:37:31 +0100
Subject: [PATCH] ext/gd: imagefilter* using overflow checks.

Accept up to UINT_MAX * sizeof(int) colors.
---
 ext/gd/gd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 9017d58bd75a..c993860f3b47 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3599,7 +3599,7 @@ static void php_image_filter_scatter(INTERNAL_FUNCTION_PARAMETERS)
 			RETURN_BOOL(gdImageScatter(im, (int)scatter_sub, (int)scatter_plus));
 		}
 
-		colors = emalloc(num_colors * sizeof(int));
+		colors = safe_emalloc(num_colors, sizeof(int), 0);
 
 		ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(hash_colors), color) {
 			*(colors + i++) = (int) zval_get_long(color);