packages/php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
php/CVE-2019-11041.patch
xiaoweiwei f55a106793 add CVE patches
2020-03-12 15:55:27 +08:00

46 lines
1.4 KiB
Diff
Raw Blame History

From dea2989ab8ba87a6180af497b2efaf0527e985c5 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 7 Jul 2019 17:01:01 -0700
Subject: [PATCH] Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
---
ext/exif/exif.c | 2 +-
ext/exif/tests/bug78222.phpt | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 ext/exif/tests/bug78222.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 605b37923f..cd7975a9f5 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3498,7 +3498,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo)
size_t length=2, pos=0;
jpeg_sof_info sof_info;
- if (!data) {
+ if (!data || ImageInfo->Thumbnail.size < 4) {
return FALSE; /* nothing to do here */
}
if (memcmp(data, "\xFF\xD8\xFF", 3)) {
diff --git a/ext/exif/tests/bug78222.phpt b/ext/exif/tests/bug78222.phpt
new file mode 100644
index 0000000000..0e4ead33e4
--- /dev/null
+++ b/ext/exif/tests/bug78222.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+exif_read_data(__DIR__."/bug78222.jpg", 'THUMBNAIL', FALSE, TRUE);
+?>
+DONE
+--EXPECTF--
+DONE
\ No newline at end of file
--
2.21.0
Reference in New Issue View Git Blame Copy Permalink