Skip to content

Commit 9cd365e

Browse files
nikicnikic
committed
Merge branch 'PHP-7.2' into PHP-7.3
2 parents 623d897 + f989a4c commit 9cd365e

File tree

3 files changed

+12
-0
lines changed

3 files changed

+12
-0
lines changed

ext/exif/exif.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3561,9 +3561,11 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
35613561
Subdir_start = offset_base + php_ifd_get32u(value_ptr, ImageInfo->motorola_intel);
35623562
if (Subdir_start < offset_base || Subdir_start > offset_base+IFDlength) {
35633563
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD Pointer");
3564+
EFREE_IF(outside);
35643565
return FALSE;
35653566
}
35663567
if (!exif_process_IFD_in_JPEG(ImageInfo, Subdir_start, offset_base, IFDlength, displacement, sub_section_index, tag)) {
3568+
EFREE_IF(outside);
35673569
return FALSE;
35683570
}
35693571
#ifdef EXIF_DEBUG

ext/exif/tests/temporary_buffer_leak.jpg

46 Bytes
Loading

ext/exif/tests/temporary_buffer_leak.phpt

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
--TEST--
2+
OSS-Fuzz: Temporary buffer leak in tag reading
3+
--FILE--
4+
<?php
5+
6+
var_dump(@exif_read_data(__DIR__ . '/temporary_buffer_leak.jpg'));
7+
8+
?>
9+
--EXPECT--
10+
bool(false)

0 commit comments

Comments
 (0)