From 0f1e56bc3a1e1bf4a43779fabaf7201ff1162050 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky
Date: Wed, 12 Mar 2008 17:33:14 +0000
Subject: [PATCH] MFB: Fixed bug #44388 (Crash inside exif_read_data() on invalid images)
---
 NEWS | 1 +
 ext/exif/exif.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index 207534a539..924aa482e7 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ PHP NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? Mar 2008 , PHP 5.2.6
 - Fixed bug #44394 (Last two bytes missing from output). (Felipe)
+- Fixed bug #44388 (Crash inside exif_read_data() on invalid images) (Ilia)
 - Fixed bug #44373 (PDO_OCI extension compile failed). (Felipe)
 06 Mar 2008, PHP 5.2.6RC2
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 5aa0ab2e1c..b2d9811a94 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2877,7 +2877,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
 /* exception are IFD pointers */
 exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal pointer offset(x%04X + x%04X = x%04X > x%04X)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), offset_val, byte_count, offset_val+byte_count, IFDlength);
 }
- return TRUE;
+ return FALSE;
 }
 if (byte_count>sizeof(cbuf)) {
 /* mark as outside range and get buffer */
--
2.50.1
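Review bot: The new `return FALSE;` in exif_process_IFD_TAG only stops the crash if the guard above it catches every out-of-range offset, and the warning's own arithmetic (`offset_val+byte_count` compared with `IFDlength`) suggests that guard may test a sum that can wrap for large values taken from the image. The condition and the rest of the function lie outside the hunk, so this needs confirming there; an overflow-safe form would be `byte_count > IFDlength || offset_val > IFDlength - byte_count`. The fix also relies on callers treating FALSE as a reason to stop processing that IFD, which the hunk does not show. The diffstat lists only NEWS and ext/exif/exif.c, so a regression test with a malformed image for bug #44388 would be worth adding with the fix.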