Fixed bug #44388 (Crash inside exif_read_data() on invalid images)

author Ilia Alshanetsky <iliaa@php.net>

Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c

index ab6ff2939ac20f3ed2fdb4383cdc72df564b6510..da1f1d3f0798699d046d00708b19fdd38011ea7f 100644 (file)
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2877,7 +2877,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
                                         /* exception are IFD pointers */
                                         exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal pointer offset(x%04X + x%04X = x%04X > x%04X)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), offset_val, byte_count, offset_val+byte_count, IFDlength);
                                 }
-                               return TRUE;
+                               return FALSE;
                         }
                         if (byte_count>sizeof(cbuf)) {
                                 /* mark as outside range and get buffer */
author	Ilia Alshanetsky <iliaa@php.net>
	Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Wed, 12 Mar 2008 17:32:01 +0000 (17:32 +0000)