File php5-CVE-2019-11042.patch of Package php5.16119

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=3e005b57270afb3fdd4fb52f267b976bbc64c63f;hp=aa272c1d2b2df09593f7d2b98b46f4c64f2f0bfb;hb=e648fa4699e8d072db6db34fcc09826e8127fab8;hpb=f22101c8308669bb63c03a73a2cac2408d844f38

Index: php-5.5.14/ext/exif/exif.c
===================================================================
--- php-5.5.14.orig/ext/exif/exif.c	2020-02-10 14:49:45.821134344 +0100
+++ php-5.5.14/ext/exif/exif.c	2020-02-10 14:49:45.853134534 +0100
@@ -2644,11 +2644,11 @@ static int exif_process_user_comment(ima
 			/* First try to detect BOM: ZERO WIDTH NOBREAK SPACE (FEFF 16) 
 			 * since we have no encoding support for the BOM yet we skip that.
 			 */
-			if (!memcmp(szValuePtr, "\xFE\xFF", 2)) {
+			if (ByteCount >=2 && !memcmp(szValuePtr, "\xFE\xFF", 2)) {
 				decode = "UCS-2BE";
 				szValuePtr = szValuePtr+2;
 				ByteCount -= 2;
-			} else if (!memcmp(szValuePtr, "\xFF\xFE", 2)) {
+			} else if (ByteCount >=2 && !memcmp(szValuePtr, "\xFF\xFE", 2)) {
 				decode = "UCS-2LE";
 				szValuePtr = szValuePtr+2;
 				ByteCount -= 2;