File php7-CVE-2019-11042.patch of Package php7

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=3e005b57270afb3fdd4fb52f267b976bbc64c63f;hp=aa272c1d2b2df09593f7d2b98b46f4c64f2f0bfb;hb=e648fa4699e8d072db6db34fcc09826e8127fab8;hpb=f22101c8308669bb63c03a73a2cac2408d844f38

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index aa272c1..3e005b5 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3015,11 +3015,11 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP
 			/* First try to detect BOM: ZERO WIDTH NOBREAK SPACE (FEFF 16)
 			 * since we have no encoding support for the BOM yet we skip that.
 			 */
-			if (!memcmp(szValuePtr, "\xFE\xFF", 2)) {
+			if (ByteCount >=2 && !memcmp(szValuePtr, "\xFE\xFF", 2)) {
 				decode = "UCS-2BE";
 				szValuePtr = szValuePtr+2;
 				ByteCount -= 2;
-			} else if (!memcmp(szValuePtr, "\xFF\xFE", 2)) {
+			} else if (ByteCount >=2 && !memcmp(szValuePtr, "\xFF\xFE", 2)) {
 				decode = "UCS-2LE";
 				szValuePtr = szValuePtr+2;
 				ByteCount -= 2;
openSUSE Build Service is sponsored by