pajoye Thu May 28 13:45:16 2009 UTC Modified files: (Branch: PHP_5_3) /php-src/ext/exif exif.c Log: - MFH: #48378, exif_read_data() segfaults on certain corrupted .jpeg files http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.20.2.14&r2=1.173.2.5.2.20.2.15&diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.20.2.14 php-src/ext/exif/exif.c:1.173.2.5.2.20.2.15
--- php-src/ext/exif/exif.c:1.173.2.5.2.20.2.14 Wed Dec 31 11:15:36 2008
+++ php-src/ext/exif/exif.c Thu May 28 13:45:15 2009
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: exif.c,v 1.173.2.5.2.20.2.14 2008/12/31 11:15:36 sebastian Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.20.2.15 2009/05/28 13:45:15 pajoye Exp $ */
 /* ToDos *
@@ -138,7 +138,7 @@
 }; /* }}} */
-#define EXIF_VERSION "1.4 $Id: exif.c,v 1.173.2.5.2.20.2.14 2008/12/31 11:15:36 sebastian Exp $"
+#define EXIF_VERSION "1.4 $Id: exif.c,v 1.173.2.5.2.20.2.15 2009/05/28 13:45:15 pajoye Exp $"
 /* {{{ PHP_MINFO_FUNCTION */
@@ -3210,6 +3210,10 @@
 exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)");
 return;
 }
+ if (offset_of_ifd > length) {
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start");
+ return;
+ }
 ImageInfo->sections_found |= FOUND_IFD0; /* First directory starts at offset 8. Offsets starts at 0. */
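Review bot: The added guard `if (offset_of_ifd > length)` in the third hunk still accepts `offset_of_ifd == length`, an offset that sits exactly at the end of the TIFF data and leaves no bytes for the directory. A TIFF IFD begins with a 2-byte entry count, so a tighter form would be `if (length < 2 || offset_of_ifd > length - 2) {`, assuming both values are unsigned, which the hunk does not show. Whatever consumes the offset afterwards is outside the hunk and may re-check the remaining size, but rejecting it here, where the file-supplied value is first trusted, keeps the bound next to its source. A short comment such as `/* offset comes from the file: it must leave room for the IFD entry count */` would record why the check exists. The enclosing function starts and ends outside the hunk.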