Fix Bug #68713 infinite loop / infinite free

PHP not affected (emalloc never return NULL)
Just to reduce diff with upstream and for legibility

Apply:
https://bitbucket.org/libgd/gd-libgd/commits/3c0d2203b2672b688d4d2326ff3a60b019879062
https://bitbucket.org/libgd/gd-libgd/commits/4af76c97a478d4e7c4b64e08ac67abbca7cbd0fb

Author: remicollet

ext/gd/libgd/gd.c

@@ -3049,8 +3049,8 @@ int gdImagePaletteToTrueColor(gdImagePtr src)
 		}
 	}
 
-	/* free old palette buffer */
-	for (yy = y - 1; yy >= yy - 1; yy--) {
+	/* free old palette buffer (y is sy) */
+	for (yy = 0; yy < y; yy++) {
 		gdFree(src->pixels[yy]);
 	}
 	gdFree(src->pixels);
@@ -3067,13 +3067,11 @@ int gdImagePaletteToTrueColor(gdImagePtr src)
 	return 1;
 
 clean_on_error:
-	if (y > 0) {
-
-		for (yy = y; yy >= yy - 1; y--) {
-			gdFree(src->tpixels[y]);
-		}
-		gdFree(src->tpixels);
+	/* free new true color buffer (y is not allocated, have failed) */
+	for (yy = 0; yy < y; yy++) {
+		gdFree(src->tpixels[yy]);
 	}
+	gdFree(src->tpixels);
 	return 0;
 }