diff options
author | Stanislav Malyshev <stas@php.net> | 2016-08-08 00:49:34 -0700 |
---|---|---|
committer | Ferenc Kovacs <tyra3l@gmail.com> | 2016-08-18 12:52:15 +0200 |
commit | 32a629ef2cff754c3dd6cc24eb1e25aeaf439891 (patch) | |
tree | 46e0bbee4d37ddfb1055f783b150e91c04a0072a | |
parent | 82b95bb758ac707a2372f2edaed70589b6f374d3 (diff) | |
download | php-git-32a629ef2cff754c3dd6cc24eb1e25aeaf439891.tar.gz |
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
-rw-r--r-- | ext/exif/exif.c | 5 | ||||
-rw-r--r-- | ext/exif/tests/bug72627.phpt | 71 | ||||
-rw-r--r-- | ext/exif/tests/bug72627.tiff | bin | 0 -> 1250 bytes |
3 files changed, 75 insertions, 1 deletions
diff --git a/ext/exif/exif.c b/ext/exif/exif.c index f95de3a14f..657a2cc1f2 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3768,8 +3768,11 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { EXIF_ERRLOG_THUMBEOF(ImageInfo) + efree(ImageInfo->Thumbnail.data); + ImageInfo->Thumbnail.data = NULL; + } else { + exif_thumbnail_build(ImageInfo TSRMLS_CC); } - exif_thumbnail_build(ImageInfo TSRMLS_CC); } #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) done"); diff --git a/ext/exif/tests/bug72627.phpt b/ext/exif/tests/bug72627.phpt new file mode 100644 index 0000000000..bb6a1fae99 --- /dev/null +++ b/ext/exif/tests/bug72627.phpt @@ -0,0 +1,71 @@ +--TEST-- +Bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF) +--SKIPIF-- +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> +--FILE-- +<?php + $exif = exif_read_data(__DIR__ . '/bug72627.tiff',0,0,true); + var_dump($exif); +?> +--EXPECTF-- +Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d + +Warning: exif_read_data(%s): Error in TIFF: filesize(x04E2) less than start of IFD dir(x829A0004) in %sbug72627.php on line %d + +Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d +array(11) { + ["FileName"]=> + string(13) "bug72627.tiff" + ["FileDateTime"]=> + int(%d) + ["FileSize"]=> + int(1250) + ["FileType"]=> + int(7) + ["MimeType"]=> + string(10) "image/tiff" + ["SectionsFound"]=> + string(30) "ANY_TAG, IFD0, THUMBNAIL, EXIF" + ["COMPUTED"]=> + array(10) { + ["html"]=> + string(24) "width="128" height="132"" + ["Height"]=> + int(132) + ["Width"]=> + int(128) + ["IsColor"]=> + int(0) + ["ByteOrderMotorola"]=> + int(0) + ["ApertureFNumber"]=> + string(5) "f/1.0" + ["Thumbnail.FileType"]=> + int(2) + ["Thumbnail.MimeType"]=> + string(10) "image/jpeg" + ["Thumbnail.Height"]=> + int(132) + ["Thumbnail.Width"]=> + int(128) + } + ["XResolution"]=> + string(21) "1414812756/1414812756" + ["THUMBNAIL"]=> + array(5) { + ["ImageWidth"]=> + int(128) + ["ImageLength"]=> + int(132) + ["JPEGInterchangeFormat"]=> + int(1280) + ["JPEGInterchangeFormatLength"]=> + int(100) + ["THUMBNAIL"]=> + NULL + } + ["ExposureTime"]=> + string(21) "1414812756/1414812756" + ["FNumber"]=> + string(21) "1414812756/1414812756" +} diff --git a/ext/exif/tests/bug72627.tiff b/ext/exif/tests/bug72627.tiff Binary files differnew file mode 100644 index 0000000000..229190a604 --- /dev/null +++ b/ext/exif/tests/bug72627.tiff |