File php-CVE-2016-7128.patch of Package php7

Index: php-7.0.7/ext/exif/exif.c
===================================================================
--- php-7.0.7.orig/ext/exif/exif.c	2016-09-06 15:37:24.548466484 +0200
+++ php-7.0.7/ext/exif/exif.c	2016-09-06 15:37:43.156783503 +0200
@@ -3726,8 +3726,11 @@ static int exif_process_IFD_in_TIFF(imag
 						fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size);
 						if (fgot < ImageInfo->Thumbnail.size) {
 							EXIF_ERRLOG_THUMBEOF(ImageInfo)
+							efree(ImageInfo->Thumbnail.data);
+							ImageInfo->Thumbnail.data = NULL;
+						} else {
+							exif_thumbnail_build(ImageInfo);
 						}
-						exif_thumbnail_build(ImageInfo);
 					}
 #ifdef EXIF_DEBUG
 					exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) done");
openSUSE Build Service is sponsored by