Skip to content

Instantly share code, notes, and snippets.

@nikic nikic/bug79282.patch Secret
Created Feb 19, 2020

Embed
What would you like to do?
commit b15e84afffaa44206dee86f7f0a87701364edd4b
Author: Nikita Popov <nikita.ppv@gmail.com>
Date: Wed Feb 19 10:59:19 2020 +0100
Fixed bug #79282
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index dfa7cb2d6e..2bb34d972b 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3642,6 +3642,11 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf,
unsigned exif_value_2a, offset_of_ifd;
exif_offset_info info;
+ if (length < 2) {
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Missing TIFF alignment marker");
+ return;
+ }
+
/* set the thumbnail stuff to nothing so we can test to see if they get set up */
if (memcmp(CharBuf, "II", 2) == 0) {
ImageInfo->motorola_intel = 0;
@@ -3795,7 +3800,7 @@ static int exif_scan_JPEG_header(image_info_type *ImageInfo)
return FALSE;
}
- sn = exif_file_sections_add(ImageInfo, marker, itemlen+1, NULL);
+ sn = exif_file_sections_add(ImageInfo, marker, itemlen, NULL);
Data = ImageInfo->file.list[sn].data;
/* Store first two pre-read bytes. */
diff --git a/ext/exif/tests/bug79282.phpt b/ext/exif/tests/bug79282.phpt
new file mode 100644
index 0000000000..7b7e365657
--- /dev/null
+++ b/ext/exif/tests/bug79282.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #79282: Use-of-uninitialized-value in exif
+--FILE--
+<?php
+
+var_dump(exif_read_data('data://image/jpeg;base64,/9jhAAlFeGlmAAAg'));
+
+?>
+--EXPECTF--
+Warning: exif_read_data(): Invalid TIFF alignment marker in %s on line %d
+
+Warning: exif_read_data(): File structure corrupted in %s on line %d
+
+Warning: exif_read_data(): Invalid JPEG file in %s on line %d
+bool(false)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.