Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
php5.10310
php-CVE-2016-4542,4543,4544.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File php-CVE-2016-4542,4543,4544.patch of Package php5.10310
X-Git-Url: https://72.52.91.13:4430/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=db007ca2e6d0b4513ae77990972997fad8bfe9c9;hp=f94e075e5a1ebe5108ef2729498d2f198df3c078;hb=1366c0362f1fa85e82bde9c0b393bd3bb3d32892;hpb=ed52bcb3dcb2e7dbc009ef8c6579fb1276ca73c1 Index: php-5.6.1/ext/exif/exif.c =================================================================== --- php-5.6.1.orig/ext/exif/exif.c 2016-05-10 09:14:08.203886992 +0200 +++ php-5.6.1/ext/exif/exif.c 2016-05-10 09:16:38.799890665 +0200 @@ -2955,7 +2955,7 @@ /* When there are any characters after the first NUL */ ImageInfo->CopyrightPhotographer = estrdup(value_ptr); ImageInfo->CopyrightEditor = estrdup(value_ptr+length+1); - spprintf(&ImageInfo->Copyright, 0, "%s, %s", value_ptr, value_ptr+length+1); + spprintf(&ImageInfo->Copyright, 0, "%s, %s", ImageInfo->CopyrightPhotographer, ImageInfo->CopyrightEditor); /* format = TAG_FMT_UNDEFINED; this musn't be ASCII */ /* but we are not supposed to change this */ /* keep in mind that image_info does not store editor value */ @@ -3124,6 +3124,11 @@ ImageInfo->sections_found |= FOUND_IFD0; + if ((dir_start + 2) >= (offset_base+IFDlength)) { + exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size"); + return FALSE; + } + NumDirEntries = php_ifd_get16u(dir_start, ImageInfo->motorola_intel); if ((dir_start+2+NumDirEntries*12) > (offset_base+IFDlength)) { @@ -3147,6 +3152,10 @@ * Hack to make it process IDF1 I hope * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail */ + if ((dir_start+2+12*de + 4) >= (offset_base+IFDlength)) { + exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size"); + return FALSE; + } NextDirOffset = php_ifd_get32u(dir_start+2+12*de, ImageInfo->motorola_intel); if (NextDirOffset) { /* the next line seems false but here IFDlength means length of all IFDs */ @@ -3196,6 +3205,10 @@ } /* Check the next two values for correctness. */ + if (length < 8) { + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)"); + return; + } exif_value_2a = php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel); offset_of_ifd = php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel); if ( exif_value_2a != 0x2a || offset_of_ifd < 0x08) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor