|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2019-12-30 15:29 UTC] nikic@php.net
-Summary: UndefinedBehaviorSanitizer: undefined-behavior
+Summary: NaN to int cast undefined behavior in exif
-Status: Open
+Status: Verified
-Type: Security
+Type: Bug
[2019-12-30 15:29 UTC] nikic@php.net
[2019-12-30 16:24 UTC] nikic@php.net
[2019-12-30 16:24 UTC] nikic@php.net
-Status: Verified
+Status: Closed
|
|||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Fri Apr 19 18:01:28 2024 UTC |
Description: ------------ exif_read_data may lead to integer overflow raven@ubuntu ~/p/s/cli (master)> ./php -r 'exif_read_data("/home/raven/php-src/crash-7cd841466926b2ce76d75b379568282a0fc8914b", "IFD0");' /home/raven/php-src/ext/exif/exif.c:1677:10: runtime error: nan is outside the range of representable values of type 'unsigned long' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/raven/php-src/ext/exif/exif.c:1677:10 in sorry, no backtrace for gdb the file https://github.com/loveraven42/poc/blob/master/crash-7cd841466926b2ce76d75b379568282a0fc8914b Test script: --------------- ./php -r 'exif_read_data("/home/raven/php-src/crash-7cd841466926b2ce76d75b379568282a0fc8914b", "IFD0");