diff options
-rw-r--r-- | ext/exif/exif.c | 2 | ||||
-rw-r--r-- | ext/exif/tests/bug76130.phpt | 20 | ||||
-rw-r--r-- | ext/exif/tests/bug76130_1.jpg | bin | 0 -> 3396 bytes | |||
-rw-r--r-- | ext/exif/tests/bug76130_2.jpg | bin | 0 -> 1632 bytes | |||
-rw-r--r-- | ext/phar/phar_object.c | 6 | ||||
-rw-r--r-- | ext/phar/tests/cache_list/frontcontroller10.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/cache_list/frontcontroller6.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/cache_list/frontcontroller8.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/frontcontroller10.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/frontcontroller6.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/frontcontroller8.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/tar/frontcontroller10.phar.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/tar/frontcontroller6.phar.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/tar/frontcontroller8.phar.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/zip/frontcontroller10.phar.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/zip/frontcontroller6.phar.phpt | 2 | ||||
-rw-r--r-- | ext/phar/tests/zip/frontcontroller8.phar.phpt | 2 |
17 files changed, 35 insertions, 17 deletions
diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 1c8772f76b..e535278fc9 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -1710,7 +1710,7 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c case TAG_FMT_UNDEFINED: if (value) { if (tag == TAG_MAKER_NOTE) { - length = MIN(length, strlen(value)); + length = (int) php_strnlen(value, length); } /* do not recompute length here */ diff --git a/ext/exif/tests/bug76130.phpt b/ext/exif/tests/bug76130.phpt new file mode 100644 index 0000000000..9c826af629 --- /dev/null +++ b/ext/exif/tests/bug76130.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value) +--DESCRIPTION-- +This test is meant to exhibit memory issues with the `-m` option. Since a lot of +notices and warnings are to be expected anyway, we suppress these, since the are +not relevant for this test. +--INI-- +error_reporting=E_ALL & ~E_WARNING & ~E_NOTICE +--SKIPIF-- +<?php +if (!extension_loaded('exif')) die('skip exif extension not available'); +?> +--FILE-- +<?php +exif_read_data(__DIR__ . '/bug76130_1.jpg'); +exif_read_data(__DIR__ . '/bug76130_2.jpg'); +?> +===DONE=== +--EXPECT-- +===DONE=== diff --git a/ext/exif/tests/bug76130_1.jpg b/ext/exif/tests/bug76130_1.jpg Binary files differnew file mode 100644 index 0000000000..e063e46d22 --- /dev/null +++ b/ext/exif/tests/bug76130_1.jpg diff --git a/ext/exif/tests/bug76130_2.jpg b/ext/exif/tests/bug76130_2.jpg Binary files differnew file mode 100644 index 0000000000..a9e79dca5c --- /dev/null +++ b/ext/exif/tests/bug76130_2.jpg diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c index 64d7a6c76e..a6f56ac8af 100644 --- a/ext/phar/phar_object.c +++ b/ext/phar/phar_object.c @@ -340,8 +340,7 @@ static void phar_do_403(char *entry, int entry_len TSRMLS_DC) /* {{{ */ sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); sapi_send_headers(TSRMLS_C); PHPWRITE("<html>\n <head>\n <title>Access Denied</title>\n </head>\n <body>\n <h1>403 - File ", sizeof("<html>\n <head>\n <title>Access Denied</title>\n </head>\n <body>\n <h1>403 - File ") - 1); - PHPWRITE(entry, entry_len); - PHPWRITE(" Access Denied</h1>\n </body>\n</html>", sizeof(" Access Denied</h1>\n </body>\n</html>") - 1); + PHPWRITE("Access Denied</h1>\n </body>\n</html>", sizeof("Access Denied</h1>\n </body>\n</html>") - 1); } /* }}} */ @@ -365,8 +364,7 @@ static void phar_do_404(phar_archive_data *phar, char *fname, int fname_len, cha sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC); sapi_send_headers(TSRMLS_C); PHPWRITE("<html>\n <head>\n <title>File Not Found</title>\n </head>\n <body>\n <h1>404 - File ", sizeof("<html>\n <head>\n <title>File Not Found</title>\n </head>\n <body>\n <h1>404 - File ") - 1); - PHPWRITE(entry, entry_len); - PHPWRITE(" Not Found</h1>\n </body>\n</html>", sizeof(" Not Found</h1>\n </body>\n</html>") - 1); + PHPWRITE("Not Found</h1>\n </body>\n</html>", sizeof("Not Found</h1>\n </body>\n</html>") - 1); } /* }}} */ diff --git a/ext/phar/tests/cache_list/frontcontroller10.phpt b/ext/phar/tests/cache_list/frontcontroller10.phpt index 00177d4ff5..5fd986895d 100644 --- a/ext/phar/tests/cache_list/frontcontroller10.phpt +++ b/ext/phar/tests/cache_list/frontcontroller10.phpt @@ -20,6 +20,6 @@ Status: 403 Access Denied <title>Access Denied</title> </head> <body> - <h1>403 - File /hi Access Denied</h1> + <h1>403 - File Access Denied</h1> </body> </html> diff --git a/ext/phar/tests/cache_list/frontcontroller6.phpt b/ext/phar/tests/cache_list/frontcontroller6.phpt index 2480be4129..a79c958517 100644 --- a/ext/phar/tests/cache_list/frontcontroller6.phpt +++ b/ext/phar/tests/cache_list/frontcontroller6.phpt @@ -18,6 +18,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /notfound.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/cache_list/frontcontroller8.phpt b/ext/phar/tests/cache_list/frontcontroller8.phpt index bf9b390def..e04f9e5a3a 100644 --- a/ext/phar/tests/cache_list/frontcontroller8.phpt +++ b/ext/phar/tests/cache_list/frontcontroller8.phpt @@ -18,6 +18,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /index.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/frontcontroller10.phpt b/ext/phar/tests/frontcontroller10.phpt index 667d5c243c..b3f5e640dd 100644 --- a/ext/phar/tests/frontcontroller10.phpt +++ b/ext/phar/tests/frontcontroller10.phpt @@ -19,6 +19,6 @@ Status: 403 Access Denied <title>Access Denied</title> </head> <body> - <h1>403 - File /hi Access Denied</h1> + <h1>403 - File Access Denied</h1> </body> </html> diff --git a/ext/phar/tests/frontcontroller6.phpt b/ext/phar/tests/frontcontroller6.phpt index 1a2cc2cd23..c5dd382b10 100644 --- a/ext/phar/tests/frontcontroller6.phpt +++ b/ext/phar/tests/frontcontroller6.phpt @@ -16,6 +16,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /notfound.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/frontcontroller8.phpt b/ext/phar/tests/frontcontroller8.phpt index 36e3206d66..77d33dac38 100644 --- a/ext/phar/tests/frontcontroller8.phpt +++ b/ext/phar/tests/frontcontroller8.phpt @@ -16,6 +16,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /index.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/tar/frontcontroller10.phar.phpt b/ext/phar/tests/tar/frontcontroller10.phar.phpt index f1fc6e3d0f..23ce6f37e2 100644 --- a/ext/phar/tests/tar/frontcontroller10.phar.phpt +++ b/ext/phar/tests/tar/frontcontroller10.phar.phpt @@ -19,6 +19,6 @@ Status: 403 Access Denied <title>Access Denied</title> </head> <body> - <h1>403 - File /hi Access Denied</h1> + <h1>403 - File Access Denied</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/tar/frontcontroller6.phar.phpt b/ext/phar/tests/tar/frontcontroller6.phar.phpt index 5375beef8c..b811f00f75 100644 --- a/ext/phar/tests/tar/frontcontroller6.phar.phpt +++ b/ext/phar/tests/tar/frontcontroller6.phar.phpt @@ -16,6 +16,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /notfound.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/tar/frontcontroller8.phar.phpt b/ext/phar/tests/tar/frontcontroller8.phar.phpt index 19844cb199..a180e2010a 100644 --- a/ext/phar/tests/tar/frontcontroller8.phar.phpt +++ b/ext/phar/tests/tar/frontcontroller8.phar.phpt @@ -16,6 +16,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /index.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/zip/frontcontroller10.phar.phpt b/ext/phar/tests/zip/frontcontroller10.phar.phpt index 56d16c2064..5bbe9e1aff 100644 --- a/ext/phar/tests/zip/frontcontroller10.phar.phpt +++ b/ext/phar/tests/zip/frontcontroller10.phar.phpt @@ -19,6 +19,6 @@ Status: 403 Access Denied <title>Access Denied</title> </head> <body> - <h1>403 - File /hi Access Denied</h1> + <h1>403 - File Access Denied</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/zip/frontcontroller6.phar.phpt b/ext/phar/tests/zip/frontcontroller6.phar.phpt index 15489f6ca7..63f7c62e88 100644 --- a/ext/phar/tests/zip/frontcontroller6.phar.phpt +++ b/ext/phar/tests/zip/frontcontroller6.phar.phpt @@ -17,6 +17,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /notfound.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file diff --git a/ext/phar/tests/zip/frontcontroller8.phar.phpt b/ext/phar/tests/zip/frontcontroller8.phar.phpt index 1b0d133bc7..d4c3a3f9ea 100644 --- a/ext/phar/tests/zip/frontcontroller8.phar.phpt +++ b/ext/phar/tests/zip/frontcontroller8.phar.phpt @@ -16,6 +16,6 @@ Status: 404 Not Found <title>File Not Found</title> </head> <body> - <h1>404 - File /index.php Not Found</h1> + <h1>404 - File Not Found</h1> </body> </html>
\ No newline at end of file |