authorFelix Yan2015-07-23 19:55:08 +0800
committerFelix Yan2015-07-23 19:55:08 +0800
commit46328e7f9a997f2080d9b01ea32910302ca1fbb2 (patch)
treeab71f43b4093ed44f201782a09e3b55a9aea3e32 /CVE-2014-3670.patch
addpkg: php53 5.3.29-4
Diffstat (limited to 'CVE-2014-3670.patch')
-rw-r--r--CVE-2014-3670.patch40
1 files changed, 40 insertions, 0 deletions
diff --git a/CVE-2014-3670.patch b/CVE-2014-3670.patch
new file mode 100644
index 000000000000..bdba3b0ddd12
--- /dev/null
+++ b/CVE-2014-3670.patch
@@ -0,0 +1,40 @@
+From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 28 Sep 2014 16:57:42 -0700
+Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
+
+---
+ create mode 100755 ext/exif/tests/bug68113.jpg
+ create mode 100644 ext/exif/tests/bug68113.phpt
+
+From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 28 Sep 2014 16:57:42 -0700
+Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
+
+---
+ ext/exif/exif.c | 4 ++--
+ ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes
+ ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++
+ 3 files changed, 19 insertions(+), 2 deletions(-)
+ create mode 100755 ext/exif/tests/bug68113.jpg
+ create mode 100644 ext/exif/tests/bug68113.phpt
+
+Index: php5-5.3.10/ext/exif/exif.c
+===================================================================
+--- php5-5.3.10.orig/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400
++++ php5-5.3.10/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400
+@@ -2446,11 +2446,11 @@
+ data_ptr += 8;
+ break;
+ case TAG_FMT_SINGLE:
+- memmove(data_ptr, &info_data->value.f, byte_count);
++ memmove(data_ptr, &info_value->f, 4);
+ data_ptr += 4;
+ break;
+ case TAG_FMT_DOUBLE:
+- memmove(data_ptr, &info_data->value.d, byte_count);
++ memmove(data_ptr, &info_value->d, 8);
+ data_ptr += 8;
+ break;
+ }
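Review bot: The header of the added patch lists three changed files, including the regression test `ext/exif/tests/bug68113.phpt` and its `bug68113.jpg` fixture, but only the `ext/exif/exif.c` hunk is carried. The package build therefore has no test for the bug #68113 fix, so either ship the two test files or trim the diffstat and `create mode` lines and note the omission in the header. The mail preamble also appears twice, and the `Index: php5-5.3.10/` paths suggest the hunk was taken from a 5.3.10 tree, so it is worth confirming that it applies to 5.3.29 at `@@ -2446` without fuzz. In the C change, the copy length now matches the `data_ptr += 4` and `data_ptr += 8` advances instead of `byte_count`, which looks right. The enclosing switch and function start outside the hunk, so it cannot be confirmed from here that the destination buffer is sized for 4 or 8 bytes per component.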