Fix bug #77563 - Uninitialized read in exif_process_IFD_in_MAKERNOTE

Also fix for bug #77659

Author: smalyshev

ext/exif/exif.c

@@ -2741,7 +2741,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 		break;
 	}
 
-	if (maker_note->offset >= value_len) {
+	if (value_len < 2 || maker_note->offset >= value_len - 1) {
 		/* Do not go past the value end */
 		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X offset 0x%04X", value_len, maker_note->offset);
 		return FALSE;
@@ -2794,6 +2794,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 			break;
 		default:
 		case MN_OFFSET_NORMAL:
+			data_len = value_len;
 			break;
 	}
 

ext/exif/tests/bug77563.jpg

@@ -0,0 +1,16 @@
+--TEST--
+Bug 77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+$s = exif_thumbnail(__DIR__."/bug77563.jpg");
+?>
+DONE
+--EXPECTF--
+Warning: exif_thumbnail(bug77563.jpg): Illegal IFD offset in %s/bug77563.php on line %d
+
+Warning: exif_thumbnail(bug77563.jpg): File structure corrupted in %s/bug77563.php on line %d
+
+Warning: exif_thumbnail(bug77563.jpg): Invalid JPEG file in %s/bug77563.php on line %d
+DONE