authorNikita Popov <nikita.ppv@gmail.com>2019-02-12 09:29:28 +0100
committerNikita Popov <nikita.ppv@gmail.com>2019-02-12 09:29:28 +0100
commita44122d2023600f74dc3ba50eda967a28c2c1673 (patch)
treef0f761dfdedd86ae26ca871201e1b70df9cbb44c
parent2ccf289d280bcd7dcbc079466e872d5e322057ed (diff)
parent478ff4027ca3a721ca2abf0c24ab38a158699ab5 (diff)
downloadphp-git-a44122d2023600f74dc3ba50eda967a28c2c1673.tar.gz
Merge branch 'PHP-7.4'
-rw-r--r--ext/exif/exif.c4
-rw-r--r--ext/exif/tests/bug77564/bug77564.jpgbin0 -> 73 bytes
-rw-r--r--ext/exif/tests/bug77564/bug77564.phpt18
3 files changed, 22 insertions, 0 deletions
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 9e771ad4eb..801e81d4ce 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3377,6 +3377,10 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
break;
case TAG_USERCOMMENT:
+ EFREE_IF(ImageInfo->UserComment);
+ ImageInfo->UserComment = NULL;
+ EFREE_IF(ImageInfo->UserCommentEncoding);
+ ImageInfo->UserCommentEncoding = NULL;
ImageInfo->UserCommentLength = exif_process_user_comment(ImageInfo, &(ImageInfo->UserComment), &(ImageInfo->UserCommentEncoding), value_ptr, byte_count);
break;
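Review bot: The four added lines under `case TAG_USERCOMMENT` carry no comment explaining why the fields are released before `exif_process_user_comment` is called, and the reason is not evident from the lines alone. Presumably a file can present this tag more than once, so `UserComment` and `UserCommentEncoding` may still hold allocations from an earlier entry when the call overwrites them. I would add `/* The tag may repeat in a malformed file; release the previous comment and encoding before they are overwritten. */` above the first `EFREE_IF`. The other cases of this switch that store allocated data in `ImageInfo` are outside the hunk and are worth checking for the same overwrite-without-free pattern, since the parser runs on untrusted image data. `exif_process_IFD_TAG` begins and ends outside the hunk.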
diff --git a/ext/exif/tests/bug77564/bug77564.jpg b/ext/exif/tests/bug77564/bug77564.jpg
new file mode 100644
index 0000000000..868fffd1db
--- /dev/null
+++ b/ext/exif/tests/bug77564/bug77564.jpg
Binary files differ
diff --git a/ext/exif/tests/bug77564/bug77564.phpt b/ext/exif/tests/bug77564/bug77564.phpt
new file mode 100644
index 0000000000..2f72b3c9ac
--- /dev/null
+++ b/ext/exif/tests/bug77564/bug77564.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug 77564 (Memory leak in exif_process_IFD_TAG)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+var_dump(exif_read_data(dirname(__FILE__) . '/bug77564.jpg'));
+?>
+DONE
+--EXPECTF--
+
+Warning: exif_read_data(bug77564.jpg): Illegal IFD offset in %sbug77564.php on line %d
+
+Warning: exif_read_data(bug77564.jpg): File structure corrupted in %sbug77564.php on line %d
+
+Warning: exif_read_data(bug77564.jpg): Invalid JPEG file in %sbug77564.php on line %d
+bool(false)
+DONE
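Review bot: The `--EXPECTF--` section lists only the three parser warnings and `bool(false)`, so nothing in the test itself observes the leak named in the title. The test presumably fails on the unfixed code only when the runner reports leaks, for instance on a debug build or under a memory checker. A short `--DESCRIPTION--` section would keep a later reader from taking a pass on a release build as proof of the fix, for example `The leak is only reported on a debug build or under a memory checker; the fixture is a malformed JPEG that reaches the UserComment handling.` What the fixture actually contains is inferred from the exif.c change and should be confirmed against the binary file.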