My Alpine packages repository.
https://dryabzhinsky.noip.me/packages/en/alpinelinux-support/
From 1cda0d7c2ffb62d8331c64e703131d9cabdc03ea Mon Sep 17 00:00:00 2001 |
|
From: Stanislav Malyshev <stas@php.net> |
|
Date: Sat, 31 Dec 2016 19:31:49 -0800 |
|
Subject: [PATCH] CVE-2016-10158 |
|
|
|
Fix bug #73737 FPE when parsing a tag format |
|
|
|
[roberto@debian.org: backported to 5.4.45] |
|
|
|
Bug: https://bugs.php.net/bug.php?id=73737 |
|
Origin: backport, http://git.php.net/?p=php-src.git;a=commitdiff;h=1cda0d7c2ffb62d8331c64e703131d9cabdc03ea |
|
--- |
|
ext/exif/exif.c | 2 +- |
|
ext/exif/tests/bug73737.phpt | 12 ++++++++++++ |
|
ext/exif/tests/bug73737.tiff | Bin 0 -> 48 bytes |
|
3 files changed, 13 insertions(+), 1 deletion(-) |
|
create mode 100644 ext/exif/tests/bug73737.phpt |
|
create mode 100644 ext/exif/tests/bug73737.tiff |
|
|
|
--- php5.git.orig/ext/exif/exif.c |
|
+++ php5.git/ext/exif/exif.c |
|
@@ -1313,7 +1313,7 @@ |
|
if (s_den == 0) { |
|
return 0; |
|
} else { |
|
- return php_ifd_get32s(value, motorola_intel) / s_den; |
|
+ return (size_t)((double)php_ifd_get32s(value, motorola_intel) / s_den); |
|
} |
|
|
|
case TAG_FMT_SSHORT: return php_ifd_get16u(value, motorola_intel); |
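Review bot: The new return in the `else` branch casts a possibly negative quotient straight to `size_t`; when the signed numerator and `s_den` differ in sign, that double-to-unsigned conversion is undefined behaviour in C. Going through `double` presumably removes the integer-division trap behind the reported FPE (the `INT_MIN / -1` case), but a value parsed from an untrusted image still reaches the caller as an unchecked size. Consider range-checking before the cast, e.g. `double q = (double)php_ifd_get32s(value, motorola_intel) / s_den;` followed by `return q < 0 ? 0 : (size_t)q;`, and add a one-line comment saying why the division is done in floating point. The enclosing function starts and ends outside this hunk, so how callers use the returned value cannot be confirmed from here.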
|
--- /dev/null |
|
+++ php5.git/ext/exif/tests/bug73737.phpt |
|
@@ -0,0 +1,12 @@ |
|
+--TEST-- |
|
+Bug #73737 (Crash when parsing a tag format) |
|
+--SKIPIF-- |
|
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> |
|
+--FILE-- |
|
+<?php |
|
+ $exif = exif_thumbnail(__DIR__ . '/bug73737.tiff'); |
|
+ var_dump($exif); |
|
+?> |
|
+--EXPECTF-- |
|
+Warning: exif_thumbnail(bug73737.tiff): Error in TIFF: filesize(x0030) less than start of IFD dir(x10102) in %s line %d |
|
+bool(false)
|
|
|