File php7-CVE-2019-11047.patch of Package php7

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=c0be05922fbde95cd9cf62e1f44e2f497f8acafc;hp=f961f44a46c61a1918cf57d4575c39080c6d35b1;hb=d348cfb96f2543565691010ade5e0346338be5a7;hpb=eb23c6008753b1cdc5359dead3a096dce46c9018

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index f961f44a46c..c0be05922fb 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3165,7 +3165,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
 			continue;
 		if (maker_note->model && (!ImageInfo->model || strcmp(maker_note->model, ImageInfo->model)))
 			continue;
-		if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
+		if (maker_note->id_string && value_len >= maker_note->id_string_len
+				&& strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
 			continue;
 		break;
 	}
openSUSE Build Service is sponsored by