-
-
Save anonymous/99b4cc71096d54075cf1cc91caf3266e to your computer and use it in GitHub Desktop.
Patch for 72627
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 620b01337cc39f856ca68c34c35e154f5f0682fc | |
Author: Stanislav Malyshev <stas@php.net> | |
Date: Mon Aug 8 00:49:34 2016 -0700 | |
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF | |
diff --git a/ext/exif/exif.c b/ext/exif/exif.c | |
index 5564de4..86e9a1e 100644 | |
--- a/ext/exif/exif.c | |
+++ b/ext/exif/exif.c | |
@@ -3758,9 +3758,12 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse | |
fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); | |
if (fgot < ImageInfo->Thumbnail.size) { | |
EXIF_ERRLOG_THUMBEOF(ImageInfo) | |
- } | |
+ efree(ImageInfo->Thumbnail.data); | |
+ ImageInfo->Thumbnail.data = NULL; | |
+ } else { | |
exif_thumbnail_build(ImageInfo TSRMLS_CC); | |
} | |
+ } | |
#ifdef EXIF_DEBUG | |
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) done"); | |
#endif | |
diff --git a/ext/exif/tests/bug72627.phpt b/ext/exif/tests/bug72627.phpt | |
new file mode 100644 | |
index 0000000..bb6a1fa | |
--- /dev/null | |
+++ b/ext/exif/tests/bug72627.phpt | |
@@ -0,0 +1,71 @@ | |
+--TEST-- | |
+Bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF) | |
+--SKIPIF-- | |
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> | |
+--FILE-- | |
+<?php | |
+ $exif = exif_read_data(__DIR__ . '/bug72627.tiff',0,0,true); | |
+ var_dump($exif); | |
+?> | |
+--EXPECTF-- | |
+Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d | |
+ | |
+Warning: exif_read_data(%s): Error in TIFF: filesize(x04E2) less than start of IFD dir(x829A0004) in %sbug72627.php on line %d | |
+ | |
+Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d | |
+array(11) { | |
+ ["FileName"]=> | |
+ string(13) "bug72627.tiff" | |
+ ["FileDateTime"]=> | |
+ int(%d) | |
+ ["FileSize"]=> | |
+ int(1250) | |
+ ["FileType"]=> | |
+ int(7) | |
+ ["MimeType"]=> | |
+ string(10) "image/tiff" | |
+ ["SectionsFound"]=> | |
+ string(30) "ANY_TAG, IFD0, THUMBNAIL, EXIF" | |
+ ["COMPUTED"]=> | |
+ array(10) { | |
+ ["html"]=> | |
+ string(24) "width="128" height="132"" | |
+ ["Height"]=> | |
+ int(132) | |
+ ["Width"]=> | |
+ int(128) | |
+ ["IsColor"]=> | |
+ int(0) | |
+ ["ByteOrderMotorola"]=> | |
+ int(0) | |
+ ["ApertureFNumber"]=> | |
+ string(5) "f/1.0" | |
+ ["Thumbnail.FileType"]=> | |
+ int(2) | |
+ ["Thumbnail.MimeType"]=> | |
+ string(10) "image/jpeg" | |
+ ["Thumbnail.Height"]=> | |
+ int(132) | |
+ ["Thumbnail.Width"]=> | |
+ int(128) | |
+ } | |
+ ["XResolution"]=> | |
+ string(21) "1414812756/1414812756" | |
+ ["THUMBNAIL"]=> | |
+ array(5) { | |
+ ["ImageWidth"]=> | |
+ int(128) | |
+ ["ImageLength"]=> | |
+ int(132) | |
+ ["JPEGInterchangeFormat"]=> | |
+ int(1280) | |
+ ["JPEGInterchangeFormatLength"]=> | |
+ int(100) | |
+ ["THUMBNAIL"]=> | |
+ NULL | |
+ } | |
+ ["ExposureTime"]=> | |
+ string(21) "1414812756/1414812756" | |
+ ["FNumber"]=> | |
+ string(21) "1414812756/1414812756" | |
+} | |
diff --git a/ext/exif/tests/bug72627.tiff b/ext/exif/tests/bug72627.tiff | |
new file mode 100644 | |
index 0000000..229190a | |
Binary files /dev/null and b/ext/exif/tests/bug72627.tiff differ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment