pajoye Thu May 28 14:03:09 2009 UTC Added files: (Branch: PHP_5_2) /php-src/ext/exif/tests bug48378.jpeg bug48378.phpt
Modified files: /php-src/ext/exif exif.c Log: - MFB: #48378, exif_read_data() segfaults on certain corrupted .jpeg files
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.27&r2=1.173.2.5.2.28&diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.27 php-src/ext/exif/exif.c:1.173.2.5.2.28
--- php-src/ext/exif/exif.c:1.173.2.5.2.27 Wed Dec 31 11:17:37 2008
+++ php-src/ext/exif/exif.c Thu May 28 14:03:09 2009
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09 pajoye Exp $ */
 /* ToDos
 *
@@ -142,7 +142,7 @@
 };
 /* }}} */
-#define EXIF_VERSION "1.4 $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $"
+#define EXIF_VERSION "1.4 $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09 pajoye Exp $"
 /* {{{ PHP_MINFO_FUNCTION
 */
@@ -3215,6 +3215,10 @@
 exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)");
 return;
 }
+ if (offset_of_ifd > length) {
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start");
+ return;
+ }
 ImageInfo->sections_found |= FOUND_IFD0;
 /* First directory starts at offset 8. Offsets starts at 0. */
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/tests/bug48378.phpt?view=markup&rev=1.1
Index: php-src/ext/exif/tests/bug48378.phpt
+++ php-src/ext/exif/tests/bug48378.phpt
--TEST--
Bug #48378 (Infinite recursion due to corrupt JPEG)
--SKIPIF--
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
--FILE--
<?php exif_read_data( dirname(__FILE__) . "/bug48378.jpeg", "FILE,COMPUTED,ANY_TAG" ); ?>
--EXPECTF--
Warning: exif_read_data(%s): Invalid IFD start in %s48378.php on line %d
Warning: exif_read_data(%s): Error reading from file: got=x08B4(=2228) != itemlen-2=x1FFE(=8190) in %s48378.php on line %d
Warning: exif_read_data(%s): Invalid JPEG file in %s48378.php on line %d
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
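Review bot: The guard added in the `@@ -3215` hunk of exif.c rejects only offsets strictly past the buffer, so `offset_of_ifd == length`, or any offset that leaves fewer bytes than the smallest IFD needs, still passes as a valid IFD start. Using `>=` and also reserving room for the 2-byte entry count, as in `if (offset_of_ifd >= length || length - offset_of_ifd < 2) {`, would close that gap without wrap-around in the arithmetic. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether the IFD parser re-checks the bound before its first read. The declared types of `offset_of_ifd` and `length` are also not visible, and both would need to be unsigned for this comparison to behave as intended. A short comment above the check, e.g. `/* offset_of_ifd is read from the file; it must lie inside the TIFF data */`, would record why it exists.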