
Commit 1cda0d7

committed
Fix bug #73737 FPE when parsing a tag format
1 parent e524658 commit 1cda0d7


3 files changed

+13
-1
lines changed


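--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -1303,7 +1303,7 @@ static size_t exif_convert_any_to_int(void *value, int format, int motorola_inte
 if (s_den == 0) {
 return 0;
 } else {
-return php_ifd_get32s(value, motorola_intel) / s_den;
+return (size_t)((double)php_ifd_get32s(value, motorola_intel) / s_den);
 }
 
 case TAG_FMT_SSHORT: return php_ifd_get16u(value, motorola_intel);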
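Review bot: The new return at line 1306 casts a double to `size_t`, and C leaves that conversion undefined whenever the quotient is -1 or lower, which a signed numerator read from the image can produce. The floating-point division does avoid the integer-division trap (presumably the most negative 32-bit value divided by -1), but the old integer result at least converted to `size_t` in a defined, wrapping way. Since both operands appear to come from untrusted file data, consider computing `double q = (double)php_ifd_get32s(value, motorola_intel) / s_den;` and then `return q < 0 ? 0 : (size_t)q;`, or whichever clamp matches what callers expect. exif_convert_any_to_int starts and ends outside this hunk, so the declaration of `s_den` and the way callers use the result are not visible here; a short comment on the line saying why the division is done in floating point would also help the next reader.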

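--- a/ext/exif/tests/bug73737.phpt
+++ b/ext/exif/tests/bug73737.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #73737 (Crash when parsing a tag format)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+$exif = exif_thumbnail(__DIR__ . '/bug73737.tiff');
+var_dump($exif);
+?>
+--EXPECTF--
+Warning: exif_thumbnail(bug73737.tiff): Error in TIFF: filesize(x0030) less than start of IFD dir(x10102) in %s line %d
+bool(false)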

ext/exif/tests/bug73737.tiff

48 Bytes
Binary file not shown.
