mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-12-12 19:33:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix leak of temporary buffer during exif tag reading

Browse Source
This commit is contained in:
Nikita Popov 2019-09-22 12:10:17 +02:00
parent 0701835c01
commit f989a4cd44
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ext/exif/exif.c
View File

@ -3588,9 +3588,11 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
Subdir_start = offset_base + php_ifd_get32u(value_ptr, ImageInfo->motorola_intel);
if (Subdir_start < offset_base || Subdir_start > offset_base+IFDlength) {
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD Pointer");
EFREE_IF(outside);
return FALSE;
}
if (!exif_process_IFD_in_JPEG(ImageInfo, Subdir_start, offset_base, IFDlength, displacement, sub_section_index, tag)) {
EFREE_IF(outside);
return FALSE;
}
#ifdef EXIF_DEBUG

BIN
ext/exif/tests/temporary_buffer_leak.jpg Normal file
View File

Binary file not shown.

10
ext/exif/tests/temporary_buffer_leak.phpt Normal file
View File

@ -0,0 +1,10 @@
--TEST--
OSS-Fuzz: Temporary buffer leak in tag reading
--FILE--
<?php
var_dump(@exif_read_data(__DIR__ . '/temporary_buffer_leak.jpg'));
?>
--EXPECT--
bool(false)