mirror of
https://github.com/php/php-src.git
synced 2024-09-21 18:07:23 +00:00
Fix exif leak on duplicate copyright tags
This commit is contained in:
parent
e3255a4f49
commit
3e139a4653
@ -3418,6 +3418,9 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
|
||||
if (byte_count>1 && (length=php_strnlen(value_ptr, byte_count)) > 0) {
|
||||
if (length<byte_count-1) {
|
||||
/* When there are any characters after the first NUL */
|
||||
EFREE_IF(ImageInfo->CopyrightPhotographer);
|
||||
EFREE_IF(ImageInfo->CopyrightEditor);
|
||||
EFREE_IF(ImageInfo->Copyright);
|
||||
ImageInfo->CopyrightPhotographer = estrdup(value_ptr);
|
||||
ImageInfo->CopyrightEditor = estrndup(value_ptr+length+1, byte_count-length-1);
|
||||
spprintf(&ImageInfo->Copyright, 0, "%s, %s", ImageInfo->CopyrightPhotographer, ImageInfo->CopyrightEditor);
|
||||
@ -3425,6 +3428,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
|
||||
/* but we are not supposed to change this */
|
||||
/* keep in mind that image_info does not store editor value */
|
||||
} else {
|
||||
EFREE_IF(ImageInfo->Copyright);
|
||||
ImageInfo->Copyright = estrndup(value_ptr, byte_count);
|
||||
}
|
||||
}
|
||||
|
12
ext/exif/tests/duplicate_copyright_tag_leak.phpt
Normal file
12
ext/exif/tests/duplicate_copyright_tag_leak.phpt
Normal file
@ -0,0 +1,12 @@
|
||||
--TEST--
|
||||
OSS-Fuzz #17474: Memory leak on duplicate Copyright tags
|
||||
--FILE--
|
||||
<?php
|
||||
|
||||
// Only checking for an absence of leaks here.
|
||||
@exif_read_data(__DIR__ . '/duplicate_copyright_tag_leak.tiff');
|
||||
|
||||
?>
|
||||
===DONE===
|
||||
--EXPECTF--
|
||||
===DONE===
|
BIN
ext/exif/tests/duplicate_copyright_tag_leak.tiff
Normal file
BIN
ext/exif/tests/duplicate_copyright_tag_leak.tiff
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user