From f9ba0a157f2d7e6d027285cb2ef964a919e67b8e Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sun, 28 Sep 2014 16:57:42 -0700 Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail()) --- ext/exif/exif.c | 4 ++-- ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100755 ext/exif/tests/bug68113.jpg create mode 100644 ext/exif/tests/bug68113.phpt diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 0b28f1c260..ab2a504351 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -2416,11 +2416,11 @@ static void* exif_ifd_make_value(image_info_data *info_data, int motorola_intel data_ptr += 8; break; case TAG_FMT_SINGLE: - memmove(data_ptr, &info_data->value.f, byte_count); + memmove(data_ptr, &info_value->f, 4); data_ptr += 4; break; case TAG_FMT_DOUBLE: - memmove(data_ptr, &info_data->value.d, byte_count); + memmove(data_ptr, &info_value->d, 8); data_ptr += 8; break; } diff --git a/ext/exif/tests/bug68113.jpg b/ext/exif/tests/bug68113.jpg new file mode 100755 index 0000000000000000000000000000000000000000..3ce7a620fb108a47d08d669552b995abbacea06a GIT binary patch literal 368 zcmex= +--FILE-- + +Done +--EXPECTF-- +Warning: exif_thumbnail(bug68113.jpg): File structure corrupted in %s/bug68113.php on line 2 + +Warning: exif_thumbnail(bug68113.jpg): Invalid JPEG file in %s/bug68113.php on line 2 +bool(false) +Done \ No newline at end of file -- 2.50.1