php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #77753
Patch fix-overread revision 2019-03-18 04:43 UTC by stas@php.net

Patch fix-overread for EXIF related Bug #77753

Patch version 2019-03-18 04:43 UTC

Return to Bug #77753 | Download this patch
Patch Revisions:

Developer: stas@php.net

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index fe89b85471..0b5bb5ae21 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
 		return FALSE;
 	}
+	if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
+		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
+		return FALSE;
+	}
 
 	for (de=0;de<NumDirEntries;de++) {
 		if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Jun 19 15:01:26 2019 UTC