diff options
author | Nikita Popov <nikita.ppv@gmail.com> | 2019-02-12 09:28:47 +0100 |
---|---|---|
committer | Nikita Popov <nikita.ppv@gmail.com> | 2019-02-12 09:29:05 +0100 |
commit | c553d17f11bab2ef347bc7e72a4e9c55217524f1 (patch) | |
tree | 56fe7585ba4d55d3ed8ad18ccdc55979909d1c40 | |
parent | b6e58dcd2262c30c0657624ca3c372dc90d5a031 (diff) | |
parent | c4294440ffc4a59a1298292b76072e6759034a68 (diff) | |
download | php-git-c553d17f11bab2ef347bc7e72a4e9c55217524f1.tar.gz |
Merge branch 'PHP-7.2' into PHP-7.3
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | ext/exif/exif.c | 4 | ||||
-rw-r--r-- | ext/exif/tests/bug77564/bug77564.jpg | bin | 0 -> 73 bytes | |||
-rw-r--r-- | ext/exif/tests/bug77564/bug77564.phpt | 18 |
4 files changed, 25 insertions, 0 deletions
@@ -14,6 +14,9 @@ PHP NEWS . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin) . Fixed bug #77546 (iptcembed broken function). (gdegoulet) +- Exif: + . Fixed bug #77564 (Memory leak in exif_process_IFD_TAG). (Ben Ramsey) + - Mbstring: . Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte). (Nikita) diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 676721da2e..6d287ccc1e 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3378,6 +3378,10 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha break; case TAG_USERCOMMENT: + EFREE_IF(ImageInfo->UserComment); + ImageInfo->UserComment = NULL; + EFREE_IF(ImageInfo->UserCommentEncoding); + ImageInfo->UserCommentEncoding = NULL; ImageInfo->UserCommentLength = exif_process_user_comment(ImageInfo, &(ImageInfo->UserComment), &(ImageInfo->UserCommentEncoding), value_ptr, byte_count); break; diff --git a/ext/exif/tests/bug77564/bug77564.jpg b/ext/exif/tests/bug77564/bug77564.jpg Binary files differnew file mode 100644 index 0000000000..868fffd1db --- /dev/null +++ b/ext/exif/tests/bug77564/bug77564.jpg diff --git a/ext/exif/tests/bug77564/bug77564.phpt b/ext/exif/tests/bug77564/bug77564.phpt new file mode 100644 index 0000000000..2f72b3c9ac --- /dev/null +++ b/ext/exif/tests/bug77564/bug77564.phpt @@ -0,0 +1,18 @@ +--TEST-- +Bug 77564 (Memory leak in exif_process_IFD_TAG) +--SKIPIF-- +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> +--FILE-- +<?php +var_dump(exif_read_data(dirname(__FILE__) . '/bug77564.jpg')); +?> +DONE +--EXPECTF-- + +Warning: exif_read_data(bug77564.jpg): Illegal IFD offset in %sbug77564.php on line %d + +Warning: exif_read_data(bug77564.jpg): File structure corrupted in %sbug77564.php on line %d + +Warning: exif_read_data(bug77564.jpg): Invalid JPEG file in %sbug77564.php on line %d +bool(false) +DONE |