From: Kalle Sommer Nielsen <kalle@php.net>
Date: Wed, 12 Jul 2017 04:11:14 +0000 (+0200)
Subject: We need to check for the length here too, or we crash and no one likes that! :(
X-Git-Tag: php-7.2.0beta1~66
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=363bb03b7ece6abc9281097a004bd1625f2879f7;p=php

We need to check for the length here too, or we crash and no one likes that! :(
---

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index b83b506b97..2f07198988 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -4312,6 +4312,8 @@ static int exif_read_from_stream(image_info_type *ImageInfo, php_stream *stream,
 	int ret;
 	zend_stat_t st;
 
+	php_printf("exif_read_from_stream");
+
 	/* Start with an empty image information structure. */
 	memset(ImageInfo, 0, sizeof(*ImageInfo));
 
@@ -4375,6 +4377,8 @@ static int exif_read_from_file(image_info_type *ImageInfo, char *FileName, int r
 	int ret;
 	php_stream *stream;
 
+	php_printf("exif_read_from_file");
+
 	stream = php_stream_open_wrapper(FileName, "rb", STREAM_MUST_SEEK | IGNORE_PATH, NULL);
 
 	if (!stream) {
@@ -4454,6 +4458,12 @@ PHP_FUNCTION(exif_read_data)
 	} else {
 		convert_to_string(stream);
 
+		if (!Z_STRLEN_P(stream)) {
+			exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_WARNING, "Filename cannot be empty");
+
+			RETURN_FALSE;
+		}
+
 		ret = exif_read_from_file(&ImageInfo, Z_STRVAL_P(stream), read_thumbnail, read_all);
 	}
 
@@ -4618,6 +4628,12 @@ PHP_FUNCTION(exif_thumbnail)
 	} else {
 		convert_to_string(stream);
 
+		if (!Z_STRLEN_P(stream)) {
+			exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_WARNING, "Filename cannot be empty");
+
+			RETURN_FALSE;
+		}
+
 		ret = exif_read_from_file(&ImageInfo, Z_STRVAL_P(stream), 1, 0);
 	}