File php-5.1.2-CVE-2007-3472.patch of Package php
--- ext/gd/libgd/gd.c
+++ ext/gd/libgd/gd.c
@@ -120,6 +120,15 @@
{
int i;
gdImagePtr im;
+
+ if (overflow2(sizeof(unsigned char *), sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(unsigned char), sx)) {
+ return NULL;
+ }
+
im = (gdImage *) gdMalloc(sizeof(gdImage));
memset(im, 0, sizeof(gdImage));
/* Row-major ever since gd 1.3 */
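Review bot: The guard block at the top of this function checks `sizeof(unsigned char *) * sy` and `sizeof(unsigned char) * sx`, but not the product `sx * sy`, which the second hunk of this patch checks first. If code further down this function or in its callers multiplies the two dimensions (the body continues past the hunk, so this is not visible here), that wraparound stays reachable. For parity I would add `if (overflow2(sx, sy)) { return NULL; }` ahead of the other two guards. How overflow2() treats zero or negative `sx`/`sy` is defined outside this patch and should be confirmed, since the dimensions presumably arrive from the caller unvalidated.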
@@ -162,6 +171,27 @@
{
int i;
gdImagePtr im;
+
+ if (overflow2(sx, sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(int *), sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(unsigned char *), sy)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(int), sx)) {
+ return NULL;
+ }
+
+ if (overflow2(sizeof(unsigned char), sx)) {
+ return NULL;
+ }
+
im = (gdImage *) gdMalloc(sizeof(gdImage));
memset(im, 0, sizeof(gdImage));
im->tpixels = (int **) gdMalloc(sizeof(int *) * sy);
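Review bot: The five guards before the first gdMalloc() have no comment saying which allocation each protects, and only `sizeof(int *) * sy` matches an allocation visible in this hunk (`im->tpixels`). A comment above the block, such as `/* Reject dimensions whose row-table or per-row allocation sizes would wrap (CVE-2007-3472). */`, would stop a later cleanup from removing a check that looks redundant. Separately, the context line `memset(im, 0, sizeof(gdImage));` uses the gdMalloc() result unchecked; if gdMalloc can return NULL in this build, an `if (!im) return NULL;` belongs before it. The early `return NULL` is a new failure path, so callers should be confirmed to test the result. The function continues past the end of the hunk.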