[2019-06-27 21:43 UTC] orestiskourides at gmail dot com
Description:
------------
==14771==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000001712 at pc 0x0000004523c2 bp 0x7ffd91582ab0 sp 0x7ffd91582240
READ of size 3 at 0x602000001712 thread T0
SCARINESS: 15 (3-byte-read-heap-buffer-overflow)
#0 0x4523c1 in __interceptor_memcmp /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690:7
#1 0x72ac2d in exif_scan_thumbnail /home/ninja/php/php-7.3.6/ext/exif/exif.c:3898:6
#2 0x728462 in zif_exif_read_data /home/ninja/php/php-7.3.6/ext/exif/exif.c:4583:4
#3 0xe259ce in ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER /home/ninja/php/php-7.3.6/Zend/zend_vm_execute.h:645:2
#4 0xd22ed3 in execute_ex /home/ninja/php/php-7.3.6/Zend/zend_vm_execute.h:55334:7
#5 0xd235fc in zend_execute /home/ninja/php/php-7.3.6/Zend/zend_vm_execute.h:60881:2
#6 0xbe4f1c in zend_execute_scripts /home/ninja/php/php-7.3.6/Zend/zend.c:1568:4
#7 0xa3d95d in php_execute_script /home/ninja/php/php-7.3.6/main/main.c:2630:14
#8 0xf22877 in do_cli /home/ninja/php/php-7.3.6/sapi/cli/php_cli.c:997:5
#9 0xf1f656 in main /home/ninja/php/php-7.3.6/sapi/cli/php_cli.c:1389:18
#10 0x7f4194434b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x4395b9 in _start (/home/ninja/php/php-7.3.6_asan/sapi/cli/php+0x4395b9)
0x602000001712 is located 0 bytes to the right of 2-byte region [0x602000001710,0x602000001712)
allocated by thread T0 here:
#0 0x4e02ac in malloc /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66:3
#1 0xb39a2e in __zend_malloc /home/ninja/php/php-7.3.6/Zend/zend_alloc.c:2903:14
SUMMARY: AddressSanitizer: heap-buffer-overflow /scratch/llvm/clang-4/xenial/final/llvm.src/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:690:7 in __interceptor_memcmp
Test script:
---------------
<?php
// In-memory stream that will hold the crafted JPEG/EXIF bytes.
$img = fopen("php://memory","r+");
fwrite($img,hex2bin("ffd8e100554578696600004d4d002a0000000c30303030000000000012000302020001000000010100303001110001000000013d3030300101000100000001303030303030303030ffd8ff30003030303025303030303030da0002"));
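// The fourth argument (TRUE) requests the embedded thumbnail, the path that reaches exif_scan_thumbnail().
$test=exif_read_data($img, 'THUMBNAIL', FALSE, TRUE);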
?>
Expected result:
----------------
No crash
Actual result:
--------------
==22203== Memcheck, a memory error detector
==22203== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==22203== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==22203== Command: sapi/cli/php test.php
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5E0308: zend_register_ini_entries (zend_ini.c:261)
==22203== by 0x5660B0: php_module_startup (main.c:2275)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x5CD98D: zend_register_internal_class (zend_API.c:2775)
==22203== by 0x5CD98D: zend_register_internal_class_ex (zend_API.c:2747)
==22203== by 0x5E6A8A: zend_register_default_exception (zend_exceptions.c:827)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CFC06: zval_make_interned_string (zend_API.c:3697)
==22203== by 0x5CFC06: zend_declare_property_ex (zend_API.c:3723)
==22203== by 0x5CFF7D: zend_declare_property (zend_API.c:3793)
==22203== by 0x5D011E: zend_declare_property_string (zend_API.c:3840)
==22203== by 0x5E6AD6: zend_register_default_exception (zend_exceptions.c:831)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CFDA3: zend_declare_property_ex (zend_API.c:3768)
==22203== by 0x5CFF7D: zend_declare_property (zend_API.c:3793)
==22203== by 0x5D011E: zend_declare_property_string (zend_API.c:3840)
==22203== by 0x5E6AF7: zend_register_default_exception (zend_exceptions.c:832)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CFDA3: zend_declare_property_ex (zend_API.c:3768)
==22203== by 0x5CFF7D: zend_declare_property (zend_API.c:3793)
==22203== by 0x5D002A: zend_declare_property_long (zend_API.c:3822)
==22203== by 0x5E6B15: zend_register_default_exception (zend_exceptions.c:833)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CFDA3: zend_declare_property_ex (zend_API.c:3768)
==22203== by 0x5CFF7D: zend_declare_property (zend_API.c:3793)
==22203== by 0x5CFFCA: zend_declare_property_null (zend_API.c:3804)
==22203== by 0x5E6B30: zend_register_default_exception (zend_exceptions.c:834)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CFE43: zend_declare_property_ex (zend_API.c:3780)
==22203== by 0x5CFF7D: zend_declare_property (zend_API.c:3793)
==22203== by 0x5D011E: zend_declare_property_string (zend_API.c:3840)
==22203== by 0x5E6C7F: zend_register_default_exception (zend_exceptions.c:849)
==22203== by 0x602C5A: zend_register_default_classes (zend_default_classes.c:32)
==22203== by 0x5DB523: zm_startup_core (zend_builtin_functions.c:307)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5D025F: zval_make_interned_string (zend_API.c:3697)
==22203== by 0x5D025F: zend_declare_class_constant_ex (zend_API.c:3869)
==22203== by 0x5D0435: zend_declare_class_constant (zend_API.c:3905)
==22203== by 0x5D05A5: zend_declare_class_constant_stringl (zend_API.c:3952)
==22203== by 0x41F9B4: date_register_classes (php_date.c:2114)
==22203== by 0x41F9B4: zm_startup_date (php_date.c:877)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CDB35: do_register_internal_class (zend_API.c:2731)
==22203== by 0x4CDDAC: zm_startup_reflection (php_reflection.c:6636)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CDDF0: zm_startup_reflection (php_reflection.c:6639)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CDFA9: zm_startup_reflection (php_reflection.c:6660)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE033: zm_startup_reflection (php_reflection.c:6666)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE211: zm_startup_reflection (php_reflection.c:6687)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE343: zm_startup_reflection (php_reflection.c:6701)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE3EE: zm_startup_reflection (php_reflection.c:6708)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE505: zm_startup_reflection (php_reflection.c:6720)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4CE58F: zm_startup_reflection (php_reflection.c:6726)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F06CA: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F06CA: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F06CA: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F06CA: zend_new_interned_string_permanent (zend_string.c:196)
==22203== by 0x5CCA8C: zend_register_functions (zend_API.c:2283)
==22203== by 0x5CDB0F: do_register_internal_class (zend_API.c:2727)
==22203== by 0x4D1B41: spl_register_std_class (spl_functions.c:44)
==22203== by 0x4DCCB9: zm_startup_spl_array (spl_array.c:2002)
==22203== by 0x4D192D: zm_startup_spl (php_spl.c:998)
==22203== by 0x5CBACB: zend_startup_module_ex (zend_API.c:1878)
==22203== by 0x5CBEC8: zend_startup_module_zval (zend_API.c:1893)
==22203== by 0x5D8321: zend_hash_apply (zend_hash.c:1689)
==22203== by 0x5CBDA2: zend_startup_modules (zend_API.c:2004)
==22203== by 0x566152: php_module_startup (main.c:2333)
==22203== by 0x67C1BB: php_cli_startup (php_cli.c:420)
==22203== by 0x67B112: main (php_cli.c:1356)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F0176: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F0176: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F0176: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F0176: zend_new_interned_string_request (zend_string.c:224)
==22203== by 0x59F860: zval_make_interned_string (zend_compile.c:473)
==22203== by 0x59F860: zend_insert_literal (zend_compile.c:485)
==22203== by 0x59F860: zend_add_literal (zend_compile.c:505)
==22203== by 0x59F860: zend_emit_op (zend_compile.c:2121)
==22203== by 0x5A8049: zend_compile_call (zend_compile.c:4042)
==22203== by 0x5A2E8A: zend_compile_assign (zend_compile.c:2980)
==22203== by 0x5AB0FE: zend_compile_stmt (zend_compile.c:8309)
==22203== by 0x5B197C: zend_compile_top_stmt (zend_compile.c:8195)
==22203== by 0x5B196B: zend_compile_top_stmt (zend_compile.c:8190)
==22203== by 0x58A637: zend_compile (zend_language_scanner.l:602)
==22203== by 0x58A505: compile_file (zend_language_scanner.l:636)
==22203== by 0x5C6975: zend_execute_scripts (zend.c:1562)
==22203== by 0x567206: php_execute_script (main.c:2630)
==22203== by 0x67BFB2: do_cli (php_cli.c:997)
==22203== by 0x67B169: main (php_cli.c:1389)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F0176: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F0176: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F0176: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F0176: zend_new_interned_string_request (zend_string.c:224)
==22203== by 0x59F860: zval_make_interned_string (zend_compile.c:473)
==22203== by 0x59F860: zend_insert_literal (zend_compile.c:485)
==22203== by 0x59F860: zend_add_literal (zend_compile.c:505)
==22203== by 0x59F860: zend_emit_op (zend_compile.c:2121)
==22203== by 0x5A8049: zend_compile_call (zend_compile.c:4042)
==22203== by 0x5AB0FE: zend_compile_stmt (zend_compile.c:8309)
==22203== by 0x5B197C: zend_compile_top_stmt (zend_compile.c:8195)
==22203== by 0x5B196B: zend_compile_top_stmt (zend_compile.c:8190)
==22203== by 0x58A637: zend_compile (zend_language_scanner.l:602)
==22203== by 0x58A505: compile_file (zend_language_scanner.l:636)
==22203== by 0x5C6975: zend_execute_scripts (zend.c:1562)
==22203== by 0x567206: php_execute_script (main.c:2630)
==22203== by 0x67BFB2: do_cli (php_cli.c:997)
==22203== by 0x67B169: main (php_cli.c:1389)
==22203==
==22203== Conditional jump or move depends on uninitialised value(s)
==22203== at 0x5F021A: zend_string_equal_val (zend_string.c:417)
==22203== by 0x5F021A: zend_string_equal_content (zend_string.h:310)
==22203== by 0x5F021A: zend_interned_string_ht_lookup (zend_string.c:156)
==22203== by 0x5F021A: zend_new_interned_string_request (zend_string.c:230)
==22203== by 0x5A36D3: zval_make_interned_string (zend_compile.c:473)
==22203== by 0x5A36D3: zend_try_compile_cv (zend_compile.c:2534)
==22203== by 0x5A3FCB: zend_compile_simple_var (zend_compile.c:2606)
==22203== by 0x5A3FCB: zend_compile_var (zend_compile.c:8450)
==22203== by 0x5A4F96: zend_compile_args (zend_compile.c:3211)
==22203== by 0x5A5110: zend_compile_call_common (zend_compile.c:3314)
==22203== by 0x5A806A: zend_compile_call (zend_compile.c:4045)
==22203== by 0x5AB0FE: zend_compile_stmt (zend_compile.c:8309)
==22203== by 0x5B197C: zend_compile_top_stmt (zend_compile.c:8195)
==22203== by 0x5B196B: zend_compile_top_stmt (zend_compile.c:8190)
==22203== by 0x58A637: zend_compile (zend_language_scanner.l:602)
==22203== by 0x58A505: compile_file (zend_language_scanner.l:636)
==22203== by 0x5C6975: zend_execute_scripts (zend.c:1562)
==22203== by 0x567206: php_execute_script (main.c:2630)
==22203== by 0x67BFB2: do_cli (php_cli.c:997)
==22203== by 0x67B169: main (php_cli.c:1389)
==22203==
==22203==
==22203== HEAP SUMMARY:
==22203== in use at exit: 0 bytes in 0 blocks
==22203== total heap usage: 7,084 allocs, 7,084 frees, 1,591,905 bytes allocated
==22203==
==22203== All heap blocks were freed -- no leaks are possible
==22203==
==22203== For counts of detected and suppressed errors, rerun with: -v
==22203== Use --track-origins=yes to see where uninitialised values come from
==22203== ERROR SUMMARY: 169 errors from 21 contexts (suppressed: 0 from 0)
Last updated: Tue Oct 28 18:00:01 2025 UTC |
This patch should fix it: diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 605b37923f..cd7975a9f5 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3498,7 +3498,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) size_t length=2, pos=0; jpeg_sof_info sof_info; - if (!data) { + if (!data || ImageInfo->Thumbnail.size < 4) { return FALSE; /* nothing to do here */ } if (memcmp(data, "\xFF\xD8\xFF", 3)) { Could you please verify?
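Review bot: The new bound `ImageInfo->Thumbnail.size < 4` in exif_scan_thumbnail() is one byte stricter than the 3-byte `memcmp(data, "\xFF\xD8\xFF", 3)` it guards, and nothing in the hunk says which later read the fourth byte is meant to cover. A short comment on the condition, or a named constant for the minimum header length, would make the number checkable. If the marker scan that starts from `length=2, pos=0` indexes `data` any further, each of those reads also needs its own check against `Thumbnail.size`. The reporter's test script, whose thumbnail buffer is the 2-byte region shown in the ASan trace, would serve as a regression test for this path.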