Fix GH-19578: imagefilledellipse underflow on width argument.

Author: devnexen

ext/gd/gd.c

@@ -832,6 +832,11 @@ PHP_FUNCTION(imagefilledellipse)
 		RETURN_THROWS();
 	}
 
+    if (w < 0 || w > INT_MAX) {
+        zend_argument_value_error(4, "must be between 0 and %d", INT_MAX);
+        RETURN_THROWS();
+    }
+
 	im = php_gd_libgdimageptr_from_zval_p(IM);
 
 	gdImageFilledEllipse(im, cx, cy, w, h, color);

ext/gd/tests/gh19578.phpt

@@ -0,0 +1,23 @@
+--TEST--
+GH-19578: imagefilledellipse underflow on width argument
+--EXTENSIONS--
+gd
+--FILE--
+<?php
+$src = imagecreatetruecolor(255, 255);
+
+try {
+    imagefilledellipse($src, 0, 0, PHP_INT_MAX, 254, 0);
+} catch (\ValueError $e) {
+    echo $e->getMessage(), PHP_EOL;
+}
+
+try {
+    imagefilledellipse($src, 0, 0, -16, 254, 0);
+} catch (\ValueError $e) {
+    echo $e->getMessage();
+}
+?>
+--EXPECTF--
+imagefilledellipse(): Argument #4 ($width) must be between 0 and %d
+imagefilledellipse(): Argument #4 ($width) must be between 0 and %d