@smalyshev

smalyshev/70385.diff Secret

Created Aug 29, 2015
commit 64043cb9e5d8bc5af719678893e38ee0290e0c0a
Author: Stanislav Malyshev <stas@php.net>
Date: Fri Aug 28 22:25:41 2015 -0700
Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 7f95ff4..43e68c4 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3061,10 +3061,10 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
break;
case TAG_MAKE:
- ImageInfo->make = estrdup(value_ptr);
+ ImageInfo->make = estrndup(value_ptr, byte_count);
break;
case TAG_MODEL:
- ImageInfo->model = estrdup(value_ptr);
+ ImageInfo->model = estrndup(value_ptr, byte_count);
break;
case TAG_MAKER_NOTE:
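
Review bot: In the TAG_MAKE and TAG_MODEL cases, estrndup(value_ptr, byte_count) copies exactly byte_count bytes, so this only closes the over-read if byte_count has already been validated against the data actually available at value_ptr earlier in exif_process_IFD_TAG. That check is not visible in this hunk; please confirm it exists on every path that reaches these cases, or add a short comment pointing to it. Separately, both assignments overwrite ImageInfo->make and ImageInfo->model without releasing a previous value, so a file that repeats either tag would leak the first copy; consider freeing the existing pointer before assigning. A regression test using a 32-byte value with no terminating NUL, as in the bug title, would keep this from regressing.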