1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 28 Sep 2014 16:57:42 -0700
Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
---
create mode 100755 ext/exif/tests/bug68113.jpg
create mode 100644 ext/exif/tests/bug68113.phpt
From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 28 Sep 2014 16:57:42 -0700
Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail())
---
ext/exif/exif.c | 4 ++--
ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes
ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++
3 files changed, 19 insertions(+), 2 deletions(-)
create mode 100755 ext/exif/tests/bug68113.jpg
create mode 100644 ext/exif/tests/bug68113.phpt
Index: php5-5.3.10/ext/exif/exif.c
===================================================================
--- php5-5.3.10.orig/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400
+++ php5-5.3.10/ext/exif/exif.c 2014-10-28 10:48:06.317008432 -0400
@@ -2446,11 +2446,11 @@
data_ptr += 8;
break;
case TAG_FMT_SINGLE:
- memmove(data_ptr, &info_data->value.f, byte_count);
+ memmove(data_ptr, &info_value->f, 4);
data_ptr += 4;
break;
case TAG_FMT_DOUBLE:
- memmove(data_ptr, &info_data->value.d, byte_count);
+ memmove(data_ptr, &info_value->d, 8);
data_ptr += 8;
break;
}
|