Skip to content

integer overflow image ellipse #21321

Closed as duplicate of#20660
Closed as duplicate of#20660
integer overflow image ellipse#21321
Labels
BugStatus: Needs Triage
@chongwick

Description

@chongwick
chongwick
opened on Mar 1, 2026

Description

The following code:

<?php
$v_11265 = 400;
$v_11266 = 300;
$v_11267 = imagecreatetruecolor($v_11265,$v_11266,);
$v_18379 = 2147483646;
$v_18371 = 100;
$v_11270 = 300;
$v_11271 = 200;
$v_11272 = 16777215;
$v_11273 = imageellipse($v_11267,$v_18379,$v_18371,$v_11270,$v_11271,$v_11272,);

Resulted in this output:

/home/w023dtc/nightly_php/php-src/ext/gd/libgd/gd.c:1807:13: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/w023dtc/nightly_php/php-src/ext/gd/libgd/gd.c:1807:13

But I expected this output instead:

PHP Version

nightly

Operating System

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugStatus: Needs Triage

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions