Size on disk does not equal size in memory, since PNG uses compression whereas LibGD needs to have the full image in memory. For a 10k x 10k image that would be roughly 100MB times 4 as there are 4 channels, RGB and A (alpha), which is 400MB in memory. The relevant buffer overflow protection is here:
https://github.com/libgd/libgd/blob/mas ... rity.c#L27
Call to overflow2 for PNG images is here:
https://github.com/libgd/libgd/blob/mas ... png.c#L417
So as per this code rowbytes (a) would be 10000 pixels x 4 channels = 40000 (RGBA) and height (b) is 10000 pixels. Then (a > INT_MAX / b) => 40000 > 2147483647 / 10000 => 40000 > 214748 which is false. In general, rowbytes x height should not exceed INT_MAX. FYI the max size before the overflow check would fail will be a little over 23k x 23k, and more generally height x width x 4 must remain < 2GB.
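The arithmetic in the post above, as an added C example that is not part of the original post and is not libgd's own code. The function names `mul_would_overflow`, `decoded_bytes` and `max_square_side` are hypothetical, and rejecting non-positive sizes is an assumption; only the `a > INT_MAX / b` test comes from the post.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* The test quoted in the post: 1 when a * b would not fit in an int.
 * Dividing instead of multiplying means the check itself cannot overflow. */
static int mul_would_overflow(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;               /* assumption: non-positive sizes are rejected */
    return a > INT_MAX / b;
}

/* Bytes needed for the fully decoded image, or -1 when a size check fails.
 * Both multiplications are guarded: width * channels, then rowbytes * height. */
static int64_t decoded_bytes(int width, int height, int channels)
{
    if (mul_would_overflow(width, channels))
        return -1;
    int rowbytes = width * channels;
    if (mul_would_overflow(rowbytes, height))
        return -1;
    return (int64_t)rowbytes * height;
}

/* Largest n for which an n x n image still passes the check. */
static int max_square_side(int channels)
{
    int n = 0;
    while (decoded_bytes(n + 1, n + 1, channels) >= 0)
        n++;
    return n;
}

int main(void)
{
    int side = max_square_side(4);

    printf("10000 x 10000 RGBA: %lld bytes\n",
           (long long)decoded_bytes(10000, 10000, 4));
    printf("largest square RGBA image accepted: %d x %d (%lld bytes)\n",
           side, side, (long long)decoded_bytes(side, side, 4));
    printf("%d x %d RGBA: %lld (rejected)\n", side + 1, side + 1,
           (long long)decoded_bytes(side + 1, side + 1, 4));
    return 0;
}
```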