changes from review

Author: devnexen

ext/gd/gd.c

@@ -660,7 +660,12 @@ PHP_FUNCTION(imagesetstyle)
 			zend_argument_value_error(2, "value must be of type int, %s given", zend_zval_type_name(item));
 			RETURN_THROWS();
 		}
-		stylearr[index++] = tmp;
+		if (ZEND_LONG_EXCEEDS_INT(tmp)) {
+			efree(stylearr);
+			zend_argument_value_error(2, "value must be between %d and %d", INT_MIN, INT_MAX);
+			RETURN_THROWS();
+		}
+		stylearr[index++] = (int) tmp;
 	} ZEND_HASH_FOREACH_END();
 
 	gdImageSetStyle(im, stylearr, index);
@@ -3669,7 +3674,7 @@ static void php_image_filter_scatter(INTERNAL_FUNCTION_PARAMETERS)
 				zend_argument_value_error(5, "value must be between 0 and %d", INT_MAX);
 				RETURN_THROWS();
 			}
-			*(colors + i++) = (int) tmp;
+			colors[i++] = (int) tmp;
 		} ZEND_HASH_FOREACH_END();
 
 		RETVAL_BOOL(gdImageScatterColor(im, (int)scatter_sub, (int)scatter_plus, colors, num_colors));
@@ -3843,6 +3848,22 @@ PHP_FUNCTION(imageantialias)
 }
 /* }}} */
 
+static bool _php_gd_zval_try_get_c_int(zval *tmp, const char *field, int *res) {
+	zend_long r;
+	bool failed = false;
+	r = zval_try_get_long(tmp, &failed);
+	if (failed) {
+		zend_argument_value_error(2, "\"%s\" key must be of type int, %s given", field, zend_zval_type_name(tmp));
+		return false;
+	}
+	if (UNEXPECTED(ZEND_LONG_EXCEEDS_INT(r))) {
+		zend_argument_value_error(2, "\"%s\" key must be between %d and %d", field, INT_MIN, INT_MAX);
+		return false;
+	}
+	*res = (int)r;
+	return true;
+}
+
 /* {{{ Crop an image using the given coordinates and size, x, y, width and height. */
 PHP_FUNCTION(imagecrop)
 {
@@ -3852,7 +3873,6 @@ PHP_FUNCTION(imagecrop)
 	gdRect rect;
 	zval *z_rect;
 	zval *tmp;
-	zend_long r;
 
 	ZEND_PARSE_PARAMETERS_START(2, 2)
 		Z_PARAM_OBJECT_OF_CLASS(IM, gd_image_ce)
@@ -3862,48 +3882,36 @@ PHP_FUNCTION(imagecrop)
 	im = php_gd_libgdimageptr_from_zval_p(IM);
 
 	if ((tmp = zend_hash_str_find(Z_ARRVAL_P(z_rect), "x", sizeof("x") -1)) != NULL) {
-		r = zval_get_long(tmp);
-		if (ZEND_LONG_EXCEEDS_INT(r)) {
-			zend_argument_value_error(2, "\"x\" key must be between %d and %d\n", INT_MIN, INT_MAX);
+		if (!_php_gd_zval_try_get_c_int(tmp, "x", &rect.x)) {
 			RETURN_THROWS();
 		}
-		rect.x = (int)r;
 	} else {
 		zend_argument_value_error(2, "must have an \"x\" key");
 		RETURN_THROWS();
 	}
 
 	if ((tmp = zend_hash_str_find(Z_ARRVAL_P(z_rect), "y", sizeof("y") - 1)) != NULL) {
-		r = zval_get_long(tmp);
-		if (ZEND_LONG_EXCEEDS_INT(r)) {
-			zend_argument_value_error(2, "\"y\" key must be between %d and %d\n", INT_MIN, INT_MAX);
+		if (!_php_gd_zval_try_get_c_int(tmp, "y", &rect.y)) {
 			RETURN_THROWS();
 		}
-		rect.y = (int)r;
 	} else {
 		zend_argument_value_error(2, "must have a \"y\" key");
 		RETURN_THROWS();
 	}
 
 	if ((tmp = zend_hash_str_find(Z_ARRVAL_P(z_rect), "width", sizeof("width") - 1)) != NULL) {
-		r = zval_get_long(tmp);
-		if (ZEND_LONG_EXCEEDS_INT(r)) {
-			zend_argument_value_error(2, "\"width\" key must be between %d and %d\n", INT_MIN, INT_MAX);
+		if (!_php_gd_zval_try_get_c_int(tmp, "width", &rect.width)) {
 			RETURN_THROWS();
 		}
-		rect.width = (int)r;
 	} else {
 		zend_argument_value_error(2, "must have a \"width\" key");
 		RETURN_THROWS();
 	}
 
 	if ((tmp = zend_hash_str_find(Z_ARRVAL_P(z_rect), "height", sizeof("height") - 1)) != NULL) {
-		r = zval_get_long(tmp);
-		if (ZEND_LONG_EXCEEDS_INT(r)) {
-			zend_argument_value_error(2, "\"height\" key must be between %d and %d\n", INT_MIN, INT_MAX);
+		if (!_php_gd_zval_try_get_c_int(tmp, "height", &rect.height)) {
 			RETURN_THROWS();
 		}
-		rect.height = (int)r;
 	} else {
 		zend_argument_value_error(2, "must have a \"height\" key");
 		RETURN_THROWS();

ext/gd/tests/gh18005.phpt

@@ -6,9 +6,13 @@ gd
 <?php
 class A {}
 $img = imagecreatetruecolor(1, 1);
-$styles = array(PHP_INT_MIN, new A());
 try {
-	imagesetstyle($img, $styles);
+	imagesetstyle($img, [0, new A()]);
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	imagesetstyle($img, [0, PHP_INT_MIN]);
 } catch (\ValueError $e) {
 	echo $e->getMessage() . PHP_EOL;
 }
@@ -39,15 +43,41 @@ try {
 }
 try {
 	imagecrop($img, array("x" => 0, "y" => 0, "width" => 0, "height" => PHP_INT_MAX));
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+
+try {
+	imagecrop($img, array("x" => new A(), "y" => 0, "width" => 0, "height" => 0));
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	imagecrop($img, array("x" => 0, "y" => new A(), "width" => 0, "height" => 0));
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	imagecrop($img, array("x" => 0, "y" => 0, "width" => new A(), "height" => 0));
+} catch (\ValueError $e) {
+	echo $e->getMessage() . PHP_EOL;
+}
+try {
+	imagecrop($img, array("x" => 0, "y" => 0, "width" => 0, "height" => new A()));
 } catch (\ValueError $e) {
 	echo $e->getMessage();
 }
 ?>
 --EXPECTF--
 imagesetstyle(): Argument #2 ($style) value must be of type int, A given
+imagesetstyle(): Argument #2 ($style) value must be between %i and %d
 imagefilter(): Argument #5 value must be of type int, A given
 imagefilter(): Argument #5 value must be between 0 and 2147483647
 imagecrop(): Argument #2 ($rectangle) "x" key must be between %i and %d
 imagecrop(): Argument #2 ($rectangle) "y" key must be between %i and %d
 imagecrop(): Argument #2 ($rectangle) "width" key must be between %i and %d
 imagecrop(): Argument #2 ($rectangle) "height" key must be between %i and %d
+imagecrop(): Argument #2 ($rectangle) "x" key must be of type int, A given
+imagecrop(): Argument #2 ($rectangle) "y" key must be of type int, A given
+imagecrop(): Argument #2 ($rectangle) "width" key must be of type int, A given
+imagecrop(): Argument #2 ($rectangle) "height" key must be of type int, A given