File php-4.3.9-CVE-2007-1001.patch of Package php4
--- php-5.1.6/ext/gd/libgd/wbmp.c.cve1001
+++ php-5.1.6/ext/gd/libgd/wbmp.c
@@ -102,6 +102,8 @@
 return (0);
 }
 
+#define SAFE_MULTIPLE(x,y) (x == 0 || y == 0 || (x > 0 && y > 0 && (x < INT_MAX / y)))
+
 /* create wbmp
 ** -----------
 ** create an empty wbmp
@@ -116,6 +118,12 @@
 if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL)
 return (NULL);
 
+ if (!SAFE_MULTIPLE(width, height)) {
+ php_gd_error("createwbmp: Integer overflow from WBMP image height/width (%d x %d)\n", width, height);
+ gdFree(wbmp);
+ return NULL;
+ }
+
 if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (width * height), 0)) == NULL)
 {
 gdFree (wbmp);
@@ -176,6 +184,13 @@
 printf ("W: %d, H: %d\n", wbmp->width, wbmp->height);
 #endif
 
+ if (!SAFE_MULTIPLE(wbmp->width, wbmp->height)) {
+ php_gd_error("readwbmp: Integer overflow from WBMP image height/width (%d x %d)\n",
+ wbmp->width, wbmp->height);
+ gdFree(wbmp);
+ return (-1);
+ }
+
 if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (wbmp->width * wbmp->height), 0)) == NULL)
 {
 gdFree (wbmp);
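Review bot: `SAFE_MULTIPLE` accepts a negative operand whenever the other one is zero, because `x == 0 || y == 0` short-circuits before the sign test; its arguments are also unparenthesised and evaluated several times. The product is then 0, so the allocation size is harmless, but a negative width or height stays in the struct for whatever later code reads it. A tighter form would be `#define SAFE_MULTIPLE(x,y) ((x) >= 0 && (y) >= 0 && ((y) == 0 || (x) < INT_MAX / (y)))`, or a `static` function taking two `int`s. `INT_MAX` needs `<limits.h>`; whether wbmp.c already includes it is not visible in this hunk.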
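Review bot: In the createwbmp hunk the dimension check sits after the `gdMalloc` of the `Wbmp` struct, so the rejection path has to free it again. `width` and `height` look like the function's own parameters (the signature is outside the hunk), so testing them before the allocation would reduce the failure branch to `return NULL;`. The message text "Integer overflow" is also printed when the macro rejects a negative dimension, here and in the readwbmp hunk; wording such as `invalid WBMP dimensions (%d x %d)` would cover both cases. The new branch writes `return NULL;` where the surrounding code writes `return (NULL);`.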
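Review bot: Nothing at the readwbmp check says that `wbmp->width` and `wbmp->height` are untrusted values, presumably parsed from the image data earlier in the function (outside this hunk). It also does not say that the guard covers only the `int` product, with the multiplication by `sizeof(int)` left to `safe_emalloc`. A comment above the `if` would record that split for the next maintainer, for example `/* dimensions come from the file: guard the int product here, safe_emalloc checks the byte count */`. The debug `printf` just above already prints the same two fields, so the comment could sit between `#endif` and the check.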