Skip to content

Commit f989a4c

Browse files
nikicnikic
committed
Fix leak of temporary buffer during exif tag reading
1 parent 0701835 commit f989a4c

File tree

3 files changed

+12
-0
lines changed

3 files changed

+12
-0
lines changed

ext/exif/exif.c

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3588,9 +3588,11 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
35883588
Subdir_start = offset_base + php_ifd_get32u(value_ptr, ImageInfo->motorola_intel);
35893589
if (Subdir_start < offset_base || Subdir_start > offset_base+IFDlength) {
35903590
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD Pointer");
3591+
EFREE_IF(outside);
35913592
return FALSE;
35923593
}
35933594
if (!exif_process_IFD_in_JPEG(ImageInfo, Subdir_start, offset_base, IFDlength, displacement, sub_section_index, tag)) {
3595+
EFREE_IF(outside);
35943596
return FALSE;
35953597
}
35963598
#ifdef EXIF_DEBUG

ext/exif/tests/temporary_buffer_leak.jpg

46 Bytes
Loading

ext/exif/tests/temporary_buffer_leak.phpt

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
--TEST--
2+
OSS-Fuzz: Temporary buffer leak in tag reading
3+
--FILE--
4+
<?php
5+
6+
var_dump(@exif_read_data(__DIR__ . '/temporary_buffer_leak.jpg'));
7+
8+
?>
9+
--EXPECT--
10+
bool(false)

0 commit comments

Comments
 (0)