From: Christoph M. Becker Date: Thu, 12 Apr 2018 21:00:37 +0000 (+0200) Subject: Fix #76164: exif_read_data zend_mm_heap corrupted X-Git-Tag: php-7.2.6RC1~36 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=281a1754b9e8348065bb7aa12539346b09e6393e;p=php Fix #76164: exif_read_data zend_mm_heap corrupted We must not release parsed parameters ourselves, since this is already done by the engine. --- diff --git a/NEWS b/NEWS index 9aa92bbaa1..c82db3257d 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,9 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2018, PHP 7.2.6 +- EXIF: + . Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb) + - Session: . Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#"). (Andrew Nester) diff --git a/ext/exif/exif.c b/ext/exif/exif.c index d9c591496b..43bd7a33c3 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -4457,13 +4457,11 @@ PHP_FUNCTION(exif_read_data) #ifdef EXIF_DEBUG sections_str = exif_get_sectionlist(sections_needed); if (!sections_str) { - zend_string_release(z_sections_needed); RETURN_FALSE; } exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_NOTICE, "Sections needed: %s", sections_str[0] ? sections_str : "None"); EFREE_IF(sections_str); #endif - zend_string_release(z_sections_needed); } if (Z_TYPE_P(stream) == IS_RESOURCE) { diff --git a/ext/exif/tests/bug76164.phpt b/ext/exif/tests/bug76164.phpt new file mode 100644 index 0000000000..ea77e1d5e9 --- /dev/null +++ b/ext/exif/tests/bug76164.phpt @@ -0,0 +1,16 @@ +--TEST-- +Bug #76164 (exif_read_data zend_mm_heap corrupted) +--SKIPIF-- + +--FILE-- + +===DONE=== +--EXPECT-- +===DONE===