[Pkg-php-commits] [php/debian-sid] Fix a segfault on exif_data_read with corrupted jpeg files (Closes: #535888)

Raphael Geissert atomo64 at gmail.com
Sun Feb 7 23:20:26 UTC 2010


Patch cherry-picked from upstream. Thanks to Michael S. Gilbert for the
report.
---
 debian/patches/exif_read_data-segfault.patch |   15 +++++++++++++++
 debian/patches/series                        |    1 +
 2 files changed, 16 insertions(+), 0 deletions(-)
 create mode 100644 debian/patches/exif_read_data-segfault.patch

diff --git a/debian/patches/exif_read_data-segfault.patch b/debian/patches/exif_read_data-segfault.patch
new file mode 100644
index 0000000..424e28d
--- /dev/null
+++ b/debian/patches/exif_read_data-segfault.patch
@@ -0,0 +1,15 @@
+Index: php/ext/exif/exif.c
+===================================================================
+--- php.orig/ext/exif/exif.c
++++ php/ext/exif/exif.c
+@@ -3219,6 +3219,10 @@ static void exif_process_TIFF_in_JPEG(im
+ 		exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start");
+ 		return;
+ 	}
++	if (offset_of_ifd > length) {
++		exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start");
++		return;
++	}
+ 
+ 	ImageInfo->sections_found |= FOUND_IFD0;
+ 	/* First directory starts at offset 8. Offsets starts at 0. */
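
Review bot: the new bound `if (offset_of_ifd > length)` still accepts `offset_of_ifd == length`, which leaves zero bytes for the IFD that is about to be processed. Unless the code after `FOUND_IFD0` re-checks the remaining size before reading the directory, `>=` would be the tighter test; a check that also leaves room for the directory's entry count would be tighter still. The warning text is identical to the preceding check's "Invalid IFD start", so a log line cannot tell which condition rejected the file, and a distinct message would help triage. The patch file also begins directly at `Index: php/ext/exif/exif.c` with no header, so the upstream origin and the bug number from the commit subject are not recorded in the patch itself.
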
diff --git a/debian/patches/series b/debian/patches/series
index a26c826..27d587d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -35,3 +35,4 @@ bad_whatis_entries.patch
 gentoo/006_ext-curl-set_opt-crash.patch
 gentoo/009_ob-memory-leaks.patch
 mssql-null-exception.patch
+exif_read_data-segfault.patch
-- 
1.6.3.3




