From dc7b661a6094c75d80c661e8103acb6899af34e4 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Wed, 5 Feb 2025 12:34:39 +0000
Subject: [PATCH] Fix GH-17703: imagescale both width and heigh set with
 negative values.

Throwing a ValueError in this particular case.

close GH-17708
---
 NEWS                      |  4 ++++
 UPGRADING                 |  3 +++
 ext/gd/gd.c               |  5 +++++
 ext/gd/tests/gh17703.phpt | 17 +++++++++++++++++
 4 files changed, 29 insertions(+)
 create mode 100644 ext/gd/tests/gh17703.phpt

diff --git a/NEWS b/NEWS
index fb3a050b1bb..5f7017b6368 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,10 @@ PHP                                                                        NEWS
   . Fixed bug GH-17609 (Typo in error message: Dom\NO_DEFAULT_NS instead of
     Dom\HTML_NO_DEFAULT_NS). (nielsdos)
 
+- GD:
+  . Fixed bug GH-17703 (imagescale with both width and height negative values
+    triggers only an Exception on width). (David Carlier)
+
 - MBString:
   . Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
     (cmb)
diff --git a/UPGRADING b/UPGRADING
index 3bab45da53e..a67fc1b1d88 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -627,6 +627,9 @@ PHP 8.4 UPGRADE NOTES
   . DOMDocument::registerNodeClass() now has a tentative return type of true.
     Previously, the return type was bool but only true could be returned in practice.
 
+- GD:
+  . imagescale now throws a ValueError when both width and height arguments are negative.
+
 - Hash:
   . Changed the return type of hash_update() to true. It was already the case that only
     true could be returned, but the stub was not updated yet.
diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index c81861ab801..962041232c6 100644
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -3981,6 +3981,11 @@ PHP_FUNCTION(imagescale)
 
 	im = php_gd_libgdimageptr_from_zval_p(IM);
 
+	if (tmp_h < 0 && tmp_w < 0) {
+		zend_value_error("Argument #2 ($width) and argument #3 ($height) cannot be both negative");
+		RETURN_THROWS();
+	}
+
 	if (tmp_h < 0 || tmp_w < 0) {
 		/* preserve ratio */
 		long src_x, src_y;
diff --git a/ext/gd/tests/gh17703.phpt b/ext/gd/tests/gh17703.phpt
new file mode 100644
index 00000000000..4677b6a5013
--- /dev/null
+++ b/ext/gd/tests/gh17703.phpt
@@ -0,0 +1,17 @@
+--TEST--
+GH-17703 both width and height value being negative triggers ValueError on width.
+--EXTENSIONS--
+gd
+--FILE--
+<?php
+
+$img = imagecreatetruecolor ( 256, 1);
+
+try {
+	imagescale($img, -1, -1, 0);
+} catch (\ValueError $e) {
+	echo $e->getMessage();
+}
+?>
+--EXPECT--
+Argument #2 ($width) and argument #3 ($height) cannot be both negative