nikic/exif.patch Secret

## exif.patch
commit 9ba12a28402fa413cc695a55096a08bbcdfd7884
Author: Nikita Popov <nikita.ppv@gmail.com>
Date:   Wed Dec 4 13:35:01 2019 +0100

    Fixed bug #78910

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index f961f44a46..c0be05922f 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3165,7 +3165,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 			continue;
 		if (maker_note->model && (!ImageInfo->model || strcmp(maker_note->model, ImageInfo->model)))
 			continue;
-		if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
+		if (maker_note->id_string && value_len >= maker_note->id_string_len
+				&& strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
 			continue;
 		break;
 	}
diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt
new file mode 100644
index 0000000000..f5b1c32c1b
--- /dev/null
+++ b/ext/exif/tests/bug78910.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044)
+--FILE--
+<?php
+
+var_dump(exif_read_data('data:image/jpg;base64,TU0AKgAAAAwgICAgAAIBDwAEAAAAAgAAACKSfCAgAAAAAEZVSklGSUxN'));
+
+?>
+--EXPECTF--
+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote  ): Illegal format code 0x2020, switching to BYTE in %s on line %d
+
+Warning: exif_read_data(): Process tag(x927C=MakerNote  ): Illegal format code 0x2020, suppose BYTE in %s on line %d
+
+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d
+
+Warning: exif_read_data(): Invalid TIFF file in %s on line %d
+bool(false)
	commit 9ba12a28402fa413cc695a55096a08bbcdfd7884
	Author: Nikita Popov <nikita.ppv@gmail.com>
	Date: Wed Dec 4 13:35:01 2019 +0100

	Fixed bug #78910

	diff --git a/ext/exif/exif.c b/ext/exif/exif.c
	index f961f44a46..c0be05922f 100644
	--- a/ext/exif/exif.c
	+++ b/ext/exif/exif.c
	@@ -3165,7 +3165,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type ImageInfo, char valu
	continue;
	if (maker_note->model && (!ImageInfo->model \|\| strcmp(maker_note->model, ImageInfo->model)))
	continue;
	- if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
	+ if (maker_note->id_string && value_len >= maker_note->id_string_len
	+ && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
	continue;
	break;
	}
	diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt
	new file mode 100644
	index 0000000000..f5b1c32c1b
	--- /dev/null
	+++ b/ext/exif/tests/bug78910.phpt
	@@ -0,0 +1,17 @@
	+--TEST--
	+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044)
	+--FILE--
	+<?php
	+
	+var_dump(exif_read_data('data:image/jpg;base64,TU0AKgAAAAwgICAgAAIBDwAEAAAAAgAAACKSfCAgAAAAAEZVSklGSUxN'));
	+
	+?>
	+--EXPECTF--
	+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote ): Illegal format code 0x2020, switching to BYTE in %s on line %d
	+
	+Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal format code 0x2020, suppose BYTE in %s on line %d
	+
	+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d
	+
	+Warning: exif_read_data(): Invalid TIFF file in %s on line %d
	+bool(false)