From 05114265fbb112793ddf6de953c31ad0cbb2c1d2 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Wed, 9 Oct 2024 23:18:23 +0100
Subject: [PATCH 1/2] Fix GH-16322: overflow on imageaffine matrix argument.
---
 ext/gd/gd.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 3b824430597..eb261231c21 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3687,13 +3687,25 @@ PHP_FUNCTION(imageaffine)
 if ((zval_affine_elem = zend_hash_index_find(Z_ARRVAL_P(z_affine), i)) != NULL) {
 switch (Z_TYPE_P(zval_affine_elem)) {
 case IS_LONG:
- affine[i] = Z_LVAL_P(zval_affine_elem);
+ affine[i] = Z_LVAL_P(zval_affine_elem);
+ if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
+ zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
+ RETURN_THROWS();
+ }
 break;
 case IS_DOUBLE:
 affine[i] = Z_DVAL_P(zval_affine_elem);
+ if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
+ zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
+ RETURN_THROWS();
+ }
 break;
 case IS_STRING:
 affine[i] = zval_get_double(zval_affine_elem);
+ if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
+ zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
+ RETURN_THROWS();
+ }
 break;
 default:
 zend_argument_type_error(3, "contains invalid type for element %i", i);
From 9b64d3212d55ec300ef4a85c5ada2fcd2df694ea Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"
Date: Thu, 10 Oct 2024 00:58:12 +0200
Subject: [PATCH 2/2] Revert "Fix GH-16322: overflow on imageaffine matrix argument."
This reverts commit 05114265fbb112793ddf6de953c31ad0cbb2c1d2, since it apparently has been pushed inadvertently (see PR #16334).
---
 ext/gd/gd.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index eb261231c21..3b824430597 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
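Review bot: In the PATCH 1/2 hunk, `ZEND_LONG_EXCEEDS_INT(affine[i])` runs only after the element has been stored in `affine[i]`, which the `Z_DVAL_P` and `zval_get_double` assignments suggest is a double; the macro is written for `zend_long` values, so a NaN element compares false against both bounds and passes, and on builds where `zend_long` is no wider than `int` the macro is likely a constant 0, leaving the double and string cases unchecked. One check after the `switch`, written for a double, would cover all three cases without repeating the block, e.g. `if (!zend_finite(affine[i]) || affine[i] < INT_MIN || affine[i] > INT_MAX)`. The added errors name argument 2 while the existing `default:` branch names argument 3 for the same array, and an out-of-range element reads better as `zend_argument_value_error` than as a type error. The body of `PHP_FUNCTION(imageaffine)` starts and ends outside the hunk, so the declared type of `affine` and how the matrix is consumed afterwards should be confirmed before settling on the bounds.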
@@ -3687,25 +3687,13 @@ PHP_FUNCTION(imageaffine)
 if ((zval_affine_elem = zend_hash_index_find(Z_ARRVAL_P(z_affine), i)) != NULL) {
 switch (Z_TYPE_P(zval_affine_elem)) {
 case IS_LONG:
- affine[i] = Z_LVAL_P(zval_affine_elem);
- if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
- zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
- RETURN_THROWS();
- }
+ affine[i] = Z_LVAL_P(zval_affine_elem);
 break;
 case IS_DOUBLE:
 affine[i] = Z_DVAL_P(zval_affine_elem);
- if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
- zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
- RETURN_THROWS();
- }
 break;
 case IS_STRING:
 affine[i] = zval_get_double(zval_affine_elem);
- if (ZEND_LONG_EXCEEDS_INT(affine[i])) {
- zend_argument_type_error(2, "element %i must be between %d and %d", i, INT_MIN, INT_MAX);
- RETURN_THROWS();
- }
 break;
 default:
 zend_argument_type_error(3, "contains invalid type for element %i", i);