Skip to content

Commit 6dbb1ee

Browse files
committed
Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF
1 parent 698a691 commit 6dbb1ee

File tree

3 files changed

+75
-1
lines changed

3 files changed

+75
-1
lines changed

Diff for: ext/exif/exif.c

+4-1
Original file line numberDiff line numberDiff line change
@@ -3768,9 +3768,12 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
37683768
fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size);
37693769
if (fgot < ImageInfo->Thumbnail.size) {
37703770
EXIF_ERRLOG_THUMBEOF(ImageInfo)
3771-
}
3771+
efree(ImageInfo->Thumbnail.data);
3772+
ImageInfo->Thumbnail.data = NULL;
3773+
} else {
37723774
exif_thumbnail_build(ImageInfo TSRMLS_CC);
37733775
}
3776+
}
37743777
#ifdef EXIF_DEBUG
37753778
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) done");
37763779
#endif

Diff for: ext/exif/tests/bug72627.phpt

+71
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,71 @@
1+
--TEST--
2+
Bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF)
3+
--SKIPIF--
4+
<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
5+
--FILE--
6+
<?php
7+
$exif = exif_read_data(__DIR__ . '/bug72627.tiff',0,0,true);
8+
var_dump($exif);
9+
?>
10+
--EXPECTF--
11+
Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d
12+
13+
Warning: exif_read_data(%s): Error in TIFF: filesize(x04E2) less than start of IFD dir(x829A0004) in %sbug72627.php on line %d
14+
15+
Warning: exif_read_data(%s): Thumbnail goes IFD boundary or end of file reached in %sbug72627.php on line %d
16+
array(11) {
17+
["FileName"]=>
18+
string(13) "bug72627.tiff"
19+
["FileDateTime"]=>
20+
int(%d)
21+
["FileSize"]=>
22+
int(1250)
23+
["FileType"]=>
24+
int(7)
25+
["MimeType"]=>
26+
string(10) "image/tiff"
27+
["SectionsFound"]=>
28+
string(30) "ANY_TAG, IFD0, THUMBNAIL, EXIF"
29+
["COMPUTED"]=>
30+
array(10) {
31+
["html"]=>
32+
string(24) "width="128" height="132""
33+
["Height"]=>
34+
int(132)
35+
["Width"]=>
36+
int(128)
37+
["IsColor"]=>
38+
int(0)
39+
["ByteOrderMotorola"]=>
40+
int(0)
41+
["ApertureFNumber"]=>
42+
string(5) "f/1.0"
43+
["Thumbnail.FileType"]=>
44+
int(2)
45+
["Thumbnail.MimeType"]=>
46+
string(10) "image/jpeg"
47+
["Thumbnail.Height"]=>
48+
int(132)
49+
["Thumbnail.Width"]=>
50+
int(128)
51+
}
52+
["XResolution"]=>
53+
string(21) "1414812756/1414812756"
54+
["THUMBNAIL"]=>
55+
array(5) {
56+
["ImageWidth"]=>
57+
int(128)
58+
["ImageLength"]=>
59+
int(132)
60+
["JPEGInterchangeFormat"]=>
61+
int(1280)
62+
["JPEGInterchangeFormatLength"]=>
63+
int(100)
64+
["THUMBNAIL"]=>
65+
NULL
66+
}
67+
["ExposureTime"]=>
68+
string(21) "1414812756/1414812756"
69+
["FNumber"]=>
70+
string(21) "1414812756/1414812756"
71+
}

Diff for: ext/exif/tests/bug72627.tiff

1.22 KB
Binary file not shown.

0 commit comments

Comments
 (0)