archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.3' into PHP-7.4

Browse source 
* PHP-7.3:
  Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s
This commit is contained in:
Stanislav Malyshev 2019-03-31 23:10:04 -07:00
commit f45e7861ef
3 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ext/exif/exif.c
View file

@ -3188,6 +3188,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
return FALSE;
}
if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
return FALSE;
}
for (de=0;de<NumDirEntries;de++) {
if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,

16
ext/exif/tests/bug77753.phpt Normal file
View file

@ -0,0 +1,16 @@
--TEST--
Bug #77753 (Heap-buffer-overflow in php_ifd_get32s)
--SKIPIF--
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
--FILE--
<?php
var_dump(exif_read_data(__DIR__."/bug77753.tiff"));
?>
DONE
--EXPECTF--
%A
Warning: exif_read_data(bug77753.tiff): Illegal IFD size: 0x006A > 0x0065 in %sbug77753.php on line %d
Warning: exif_read_data(bug77753.tiff): Invalid TIFF file in %sbug77753.php on line %d
bool(false)
DONE

BIN
ext/exif/tests/bug77753.tiff Normal file
View file

Binary file not shown.