Fix #70052: getimagesize() fails for very large and very small WBMP

Very large WBMP (width or height greater than 2**31-1) cause an overflow and
circumvent the size limitation of 2048x2048 px. Very small WBMP (less than 12
bytes) cause a read error and are not recognized. This patch fixes both bugs.

3 files changed, 21 insertions, 0 deletions

diff --git a/ext/standard/tests/image/bug70052.phpt b/ext/standard/tests/image/bug70052.phpt
new file mode 100644
index 0000000000..76ebda92b2
--- /dev/null
+++ b/ext/standard/tests/image/bug70052.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Bug #70052 (getimagesize() fails for very large and very small WBMP)
+--FILE--
+<?php
+var_dump(getimagesize(__DIR__ . '/bug70052_1.wbmp'));
+var_dump(getimagesize(__DIR__ . '/bug70052_2.wbmp'));
+?>
+--EXPECT--
+bool(false)
+array(5) {
+  [0]=>
+  int(3)
+  [1]=>
+  int(3)
+  [2]=>
+  int(15)
+  [3]=>
+  string(20) "width="3" height="3""
+  ["mime"]=>
+  string(18) "image/vnd.wap.wbmp"
+}
diff --git a/ext/standard/tests/image/bug70052_1.wbmp b/ext/standard/tests/image/bug70052_1.wbmp
new file mode 100644
index 0000000000..2c32f379ae
--- /dev/null
+++ b/ext/standard/tests/image/bug70052_1.wbmp
diff --git a/ext/standard/tests/image/bug70052_2.wbmp b/ext/standard/tests/image/bug70052_2.wbmp
new file mode 100644
index 0000000000..d0f4313fc1
--- /dev/null
+++ b/ext/standard/tests/image/bug70052_2.wbmp