Fix #73968: Premature failing of XBM reading

We must take into account the line padding, when we're reading XBM
files.

We deliberately ignore the potential integer overflow here, because
that would be caught by gdImageCreate() or even earlier if `bytes==0`,
what happens in libgd00094.phpt which we adapt accordingly.

NEWS

@@ -15,6 +15,9 @@ PHP                                                                        NEWS
   . Fixed bug #67583 (double fastcgi_end_request on max_children limit).
     (Dmitry Saprykin)
 
+- GD:
+  . Fixed bug #73968 (Premature failing of XBM reading). (cmb)
+
 - GMP:
   . Fixed bug #69993 (test for gmp.h needs to test machine includes).
     (Jordan Gigov) 

ext/gd/libgd/xbm.c

@@ -77,7 +77,7 @@ gdImagePtr gdImageCreateFromXbm(FILE * fd)
 				max_bit = 32768;
 			}
 			if (max_bit) {
-				bytes = (width * height / 8) + 1;
+				bytes = (width + 7) / 8 * height;
 				if (!bytes) {
 					return 0;
 				}

ext/gd/tests/bug73968.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Bug #73968 (Premature failing of XBM reading)
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+?>
+--FILE--
+<?php
+$im = imagecreatefromxbm(__DIR__ . DIRECTORY_SEPARATOR . 'bug73968.xbm');
+var_dump($im);
+?>
+===DONE===
+--EXPECTF--
+resource(%d) of type (gd)
+===DONE===

ext/gd/tests/bug73968.xbm

@@ -0,0 +1,5 @@
+#define test_width 10
+#define test_height 10
+static unsigned char test_bits[] = {
+  0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00, 
+  0xFF, 0x03, 0x00, 0x00, 0xFF, 0x03, 0x00, 0x00};

ext/gd/tests/libgd00094.phpt

@@ -11,9 +11,6 @@ $im = imagecreatefromxbm(dirname(__FILE__) . '/libgd00094.xbm');
 var_dump($im);
 ?>
 --EXPECTF--
-Warning: imagecreatefromxbm(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
- in %slibgd00094.php on line %d
-
 Warning: imagecreatefromxbm(): '%slibgd00094.xbm' is not a valid XBM file in %slibgd00094.php on line %d
 bool(false)