smalyshev/70385.diff Secret

## 70385.diff
commit 64043cb9e5d8bc5af719678893e38ee0290e0c0a
Author: Stanislav Malyshev <stas@php.net>
Date:   Fri Aug 28 22:25:41 2015 -0700

    Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 7f95ff4..43e68c4 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3061,10 +3061,10 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
 				break;

 			case TAG_MAKE:
-				ImageInfo->make = estrdup(value_ptr);
+				ImageInfo->make = estrndup(value_ptr, byte_count);
 				break;
 			case TAG_MODEL:
-				ImageInfo->model = estrdup(value_ptr);
+				ImageInfo->model = estrndup(value_ptr, byte_count);
 				break;

 			case TAG_MAKER_NOTE:
	commit 64043cb9e5d8bc5af719678893e38ee0290e0c0a
	Author: Stanislav Malyshev <stas@php.net>
	Date: Fri Aug 28 22:25:41 2015 -0700

	Fix bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes)

	diff --git a/ext/exif/exif.c b/ext/exif/exif.c
	index 7f95ff4..43e68c4 100644
	--- a/ext/exif/exif.c
	+++ b/ext/exif/exif.c
	@@ -3061,10 +3061,10 @@ static int exif_process_IFD_TAG(image_info_type ImageInfo, char dir_entry, cha
	break;

	case TAG_MAKE:
	- ImageInfo->make = estrdup(value_ptr);
	+ ImageInfo->make = estrndup(value_ptr, byte_count);
	break;
	case TAG_MODEL:
	- ImageInfo->model = estrdup(value_ptr);
	+ ImageInfo->model = estrndup(value_ptr, byte_count);
	break;

	case TAG_MAKER_NOTE: