From b8663dd147aef431620ff456536c3b9183561bc9 Mon Sep 17 00:00:00 2001
From: Oliver Vogel <oliver@olivervogel.com>
Date: Mon, 15 Jun 2026 19:55:53 +0200
Subject: [PATCH] Fix reading PNG PHYs length

---
 src/Drivers/Gd/Analyzers/ResolutionAnalyzer.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Drivers/Gd/Analyzers/ResolutionAnalyzer.php b/src/Drivers/Gd/Analyzers/ResolutionAnalyzer.php
index f0ea7ce8..8d0addab 100644
--- a/src/Drivers/Gd/Analyzers/ResolutionAnalyzer.php
+++ b/src/Drivers/Gd/Analyzers/ResolutionAnalyzer.php
@@ -201,6 +201,11 @@ private function resolutionFromPngPhys($handle): array
                 $length = unpack('N', $length)[1];
                 fseek($handle, 4, SEEK_CUR);
 
+                // pHYs chunk must be exactly 9 bytes
+                if ($length !== 9) {
+                    throw new AnalyzerException('Invalid pHYs chunk length');
+                }
+
                 // read data
                 $data = fread($handle, $length);