Fixed possible bufferoverflow

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 9d4bc0760b9a0fbab133943a6354f7218b234fc5..724689d3f2469c81097afccdfa205693a46aa6cb 100644 (file)
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2733,6 +2733,11 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
 
        byte_count = components * php_tiff_bytes_per_format[format];
 
+       if ((ssize_t)byte_count < 0) {
+               exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
+               return FALSE;
+       }
+
        if (byte_count > 4) {
                offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
                /* If its bigger than 4 bytes, the dir entry contains an offset. */