From b0cfa28d6d4e6f7855093b4fb66ccf3a2d07660e Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Mon, 31 Dec 2018 20:45:47 +0100
Subject: [PATCH] Fix #77391: 1bpp BMPs may fail to be loaded

We port the upstream fix[1].

[1] <https://github.com/libgd/libgd/commit/d0859134fcbd8817f87895bd1cb158096568a7a2>
---
 NEWS                       |   3 +++
 ext/gd/libgd/gd_bmp.c      |   4 ++--
 ext/gd/tests/bug77391.bmp  | Bin 0 -> 102 bytes
 ext/gd/tests/bug77391.phpt |  15 +++++++++++++++
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 ext/gd/tests/bug77391.bmp
 create mode 100644 ext/gd/tests/bug77391.phpt

diff --git a/NEWS b/NEWS
index 3798a5b2203..552c94d1366 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? 2019, PHP 7.2.15
 
+- GD:
+  . Fixed bug #77391 (1bpp BMPs may fail to be loaded). (Romain Déoux, cmb)
+
 - Sockets:
   . Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address
     on MacOS). (Michael Meyer)
diff --git a/ext/gd/libgd/gd_bmp.c b/ext/gd/libgd/gd_bmp.c
index 8af8751299c..d71175e4135 100644
--- a/ext/gd/libgd/gd_bmp.c
+++ b/ext/gd/libgd/gd_bmp.c
@@ -813,8 +813,8 @@ static int bmp_read_1bit(gdImagePtr im, gdIOCtxPtr infile, bmp_info_t *info, bmp
 		}
 	}
 
-	/* The line must be divisible by 4, else its padded with NULLs */
-	padding = ((int)ceil(0.1 * info->width)) % 4;
+	/* The line must be aligned on a 32 bits word, else it is padded with zeros */
+	padding = (info->width + 7) / 8 % 4;
 	if (padding) {
 		padding = 4 - padding;
 	}
diff --git a/ext/gd/tests/bug77391.bmp b/ext/gd/tests/bug77391.bmp
new file mode 100644
index 0000000000000000000000000000000000000000..2db27a37f9278f1621e75df3c2ca65e80cd57ccf
GIT binary patch
literal 102
zcmZ?rO=ExnJ0PV2#9UC!$iN7e0Er26LogGN4Z{Eb{|C$cKLBJm05OpF4~YK&@ed&W
O0K^Y~_y7<$05JeH2oDwj

literal 0
HcmV?d00001

diff --git a/ext/gd/tests/bug77391.phpt b/ext/gd/tests/bug77391.phpt
new file mode 100644
index 00000000000..aa76c1470ee
--- /dev/null
+++ b/ext/gd/tests/bug77391.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #77391 (1bpp BMPs may fail to be loaded)
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+if (!GD_BUNDLED && version_compare(GD_VERSION, '2.2.5', '<=')) die('skip upstream not yet fixed');
+?>
+--FILE--
+<?php
+var_dump(imagecreatefrombmp(__DIR__ . '/bug77391.bmp'));
+?>
+===DONE===
+--EXPECTF--
+resource(%d) of type (gd)
+===DONE===