From d750697506636f9deba051720020c3d36c00f1af Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 13 Oct 2024 18:02:00 +0200 Subject: [PATCH 1/2] Fix GH-16409: Segfault in exif_thumbnail when not dealing with a real file --- ext/exif/exif.c | 2 +- ext/exif/tests/gh16409.phpt | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 ext/exif/tests/gh16409.phpt diff --git a/ext/exif/exif.c b/ext/exif/exif.c index bf5fed01db52f..3081ad9a1b2dd 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -4419,7 +4419,7 @@ static bool exif_read_from_impl(image_info_type *ImageInfo, php_stream *stream, ImageInfo->FileName = NULL; if (php_stream_is(ImageInfo->infile, PHP_STREAM_IS_STDIO)) { - if (VCWD_STAT(stream->orig_path, &st) >= 0) { + if (stream->orig_path && VCWD_STAT(stream->orig_path, &st) >= 0) { zend_string *base; if ((st.st_mode & S_IFMT) != S_IFREG) { exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Not a file"); diff --git a/ext/exif/tests/gh16409.phpt b/ext/exif/tests/gh16409.phpt new file mode 100644 index 0000000000000..2491b2292f865 --- /dev/null +++ b/ext/exif/tests/gh16409.phpt @@ -0,0 +1,16 @@ +--TEST-- +GH-16409 (Segfault in exif_thumbnail when not dealing with a real file) +--EXTENSIONS-- +exif +--SKIPIF-- + +--FILE-- + +--EXPECTF-- +Warning: exif_thumbnail(): File too small (0) in %s on line %d +bool(false)%A From 43c8b599edd9800a44e4cee58dc7efa0e4b1861f Mon Sep 17 00:00:00 2001 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> Date: Sun, 13 Oct 2024 18:53:22 +0200 Subject: [PATCH 2/2] Drop Windows skipif --- ext/exif/tests/gh16409.phpt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ext/exif/tests/gh16409.phpt b/ext/exif/tests/gh16409.phpt index 2491b2292f865..c2c54d839e011 100644 --- a/ext/exif/tests/gh16409.phpt +++ b/ext/exif/tests/gh16409.phpt @@ -2,10 +2,6 @@ GH-16409 (Segfault in exif_thumbnail when not dealing with a real file) --EXTENSIONS-- exif ---SKIPIF-- - --FILE--