From 2d05da2e94882b1715d607f650dbd5524a9386ff Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sun, 6 Oct 2024 06:30:32 +0100
Subject: [PATCH] Fix GH-16260: overflow/underflow on imagerotate degrees argument.

close GH-16264
---
 NEWS | 4 +++-
 ext/gd/gd.c | 5 +++++
 ext/gd/tests/gh16260.phpt | 22 ++++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 ext/gd/tests/gh16260.phpt

diff --git a/NEWS b/NEWS
index 7fcbacc037e..f4ad67f2f0e 100644
--- a/NEWS
+++ b/NEWS
@@ -34,8 +34,10 @@ PHP NEWS
 (nielsdos)
 
 - GD:
- . Fixed bug 16232 (bitshift overflow on wbmp file content reading /
+ . Fixed bug GH-16232 (bitshift overflow on wbmp file content reading /
 fix backport from upstream). (David Carlier)
+ . Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
+ (David Carlier)
 
 - LDAP:
 . Fixed bug GH-16032 (Various NULL pointer dereferencements in
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index ef5bc9a03a3..3b824430597 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1195,6 +1195,11 @@ PHP_FUNCTION(imagerotate)
 RETURN_THROWS();
 }
 
+ if (degrees < (double)(INT_MIN / 100) || degrees > (double)(INT_MAX / 100)) {
+ zend_argument_value_error(2, "must be between %d and %d", (INT_MIN / 100), (INT_MAX / 100));
+ RETURN_THROWS();
+ }
+
 im_src = php_gd_libgdimageptr_from_zval_p(SIM);
 im_dst = gdImageRotateInterpolated(im_src, (const float)degrees, color);
 
diff --git a/ext/gd/tests/gh16260.phpt b/ext/gd/tests/gh16260.phpt
new file mode 100644
index 00000000000..563fc8d1627
--- /dev/null
+++ b/ext/gd/tests/gh16260.phpt
@@ -0,0 +1,22 @@
+--TEST--
+GH-16260 (Overflow/underflow on imagerotate degrees argument)
+--EXTENSIONS--
+gd
+--FILE--
+getMessage() . PHP_EOL;
+}
+
+try {
+ imagerotate($im, PHP_INT_MAX, 0);
+} catch (\ValueError $e) {
+ echo $e->getMessage();
+}
+--EXPECTF--
+imagerotate(): Argument #2 ($angle) must be between %s and %s
+imagerotate(): Argument #2 ($angle) must be between %s and %s
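Review bot: A NAN angle still gets past the new range check in PHP_FUNCTION(imagerotate), because both `degrees < ...` and `degrees > ...` compare false for NaN, so the value reaches the `(const float)degrees` cast and gdImageRotateInterpolated() unchecked. Writing the guard in its accepting form closes that gap: `if (!(degrees >= (double)(INT_MIN / 100) && degrees <= (double)(INT_MAX / 100))) {`. The bound presumably mirrors an integer conversion of the angle times 100 inside libgd, which is not visible here; if so, the narrowing to float on the call line can round a value at the edge of the range upward, so it is worth confirming the limits remain safe after that cast. The visible part of gh16260.phpt only passes PHP_INT_MAX, so a NAN case and a value right at the limit would be useful additions there. The function body starts and ends outside this hunk.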