author | Ben Ramsey <ben@benramsey.com> | 2019-02-10 12:25:19 -0600 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-02-12 09:28:33 +0100 |
commit | c4294440ffc4a59a1298292b76072e6759034a68 (patch) | |
tree | 75375e33dc8011c0228a234877387df88c4c902a | |
parent | 9222702633c63254b08466b322266b647ac3e905 (diff) | |
Fixed bug #77564: Memory leak in exif_process_IFD_TAG
The memory leak occurs when more than one UserComment tag is present in
the EXIF data. It's still considered corrupt EXIF data, but this ensures
the memory is freed before trying to set to already allocated memory.
-rw-r--r-- | NEWS | 3 |
-rw-r--r-- | ext/exif/exif.c | 4 |
-rw-r--r-- | ext/exif/tests/bug77564/bug77564.jpg | bin, 0 -> 73 bytes |
-rw-r--r-- | ext/exif/tests/bug77564/bug77564.phpt | 18 |

4 files changed, 25 insertions, 0 deletions
@@ -6,6 +6,9 @@ PHP NEWS . Fixed bug #77589 (Core dump using parse_ini_string with numeric sections). (Laruence) +- Exif: + . Fixed bug #77564 (Memory leak in exif_process_IFD_TAG). (Ben Ramsey) + - PDO_OCI: . Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter) diff --git a/ext/exif/exif.c b/ext/exif/exif.c index be02c9da40..9c202196c6 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3405,6 +3405,10 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha break; case TAG_USERCOMMENT: + EFREE_IF(ImageInfo->UserComment); + ImageInfo->UserComment = NULL; + EFREE_IF(ImageInfo->UserCommentEncoding); + ImageInfo->UserCommentEncoding = NULL; ImageInfo->UserCommentLength = exif_process_user_comment(ImageInfo, &(ImageInfo->UserComment), &(ImageInfo->UserCommentEncoding), value_ptr, byte_count); break; diff --git a/ext/exif/tests/bug77564/bug77564.jpg b/ext/exif/tests/bug77564/bug77564.jpg Binary files differnew file mode 100644 index 0000000000..868fffd1db --- /dev/null +++ b/ext/exif/tests/bug77564/bug77564.jpg diff --git a/ext/exif/tests/bug77564/bug77564.phpt b/ext/exif/tests/bug77564/bug77564.phpt new file mode 100644 index 0000000000..2f72b3c9ac --- /dev/null +++ b/ext/exif/tests/bug77564/bug77564.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug 77564 (Memory leak in exif_process_IFD_TAG) +--SKIPIF-- +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> +--FILE-- +<?php +var_dump(exif_read_data(dirname(__FILE__) . '/bug77564.jpg')); +?> +DONE +--EXPECTF-- + +Warning: exif_read_data(bug77564.jpg): Illegal IFD offset in %sbug77564.php on line %d + +Warning: exif_read_data(bug77564.jpg): File structure corrupted in %sbug77564.php on line %d + +Warning: exif_read_data(bug77564.jpg): Invalid JPEG file in %sbug77564.php on line %d +bool(false) +DONE |
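Review bot: In the ext/exif/exif.c hunk, the four lines added under `case TAG_USERCOMMENT:` carry no comment saying why the fields may already be populated, so the free-and-reset reads as redundant to anyone who does not know the bug. A one-line comment that a second UserComment tag in the same file reaches this case with `ImageInfo->UserComment` and `ImageInfo->UserCommentEncoding` still set would make the intent clear. Clearing both pointers to NULL after `EFREE_IF` is the right call, since their addresses are handed straight to `exif_process_user_comment` and any path in that function that returns without assigning would otherwise leave a freed pointer in `ImageInfo`. Two follow-ups to consider: moving the free-and-reset into `exif_process_user_comment` itself so that every caller gets it, and, given the commit message still treats a repeated tag as corrupt data, raising a warning here instead of letting the last tag silently replace the earlier one.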
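Review bot: In ext/exif/tests/bug77564/bug77564.phpt, the `--EXPECTF--` section only pins the three corruption warnings and `bool(false)`, so nothing in the test asserts on the leak itself; it can only fail on a regression when the run reports leaked allocations into the output, as a debug build does. Please state that dependency in the `--TEST--` description or a comment in the `--FILE--` section, and note there that the 73-byte bug77564.jpg fixture contains more than one UserComment tag, since the binary is opaque in review and the expected warnings do not mention UserComment at all. Minor style point in the same file: `dirname(__FILE__)` can be written as `__DIR__`.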