File php-CVE-2019-11040.patch of Package php5.11538

X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=605b37923f888d320a87947a58f19fd2122475e8;hp=d174def80c1355fc54d09a0ae754ced64d85768d;hb=73ff4193be24192c894dc0502d06e2b2db35eefb;hpb=16e037bd46359a31f218ee220ff09f1c3270e489

Index: php-5.5.14/ext/exif/exif.c
===================================================================
--- php-5.5.14.orig/ext/exif/exif.c	2019-06-14 15:31:49.123572746 +0200
+++ php-5.5.14/ext/exif/exif.c	2019-06-14 15:31:49.155572914 +0200
@@ -3533,6 +3533,8 @@ static int exif_scan_thumbnail(image_inf
 		if (c == 0xFF) 
 			return FALSE;
 		marker = c;
+		if (pos>=ImageInfo->Thumbnail.size)
+			return FALSE;
 		length = php_jpg_get16(data+pos);
 		if (length > ImageInfo->Thumbnail.size || pos >= ImageInfo->Thumbnail.size - length) {
 			return FALSE;
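Review bot: The added guard `if (pos>=ImageInfo->Thumbnail.size)` still admits `pos == ImageInfo->Thumbnail.size - 1`, so if `php_jpg_get16(data+pos)` reads two bytes, as its name suggests (its definition is outside the hunk), the second byte lies one past the thumbnail buffer. Requiring both bytes to be in range would close that residual one-byte over-read, e.g. `if (ImageInfo->Thumbnail.size < 2 || pos > ImageInfo->Thumbnail.size - 2)` followed by `return FALSE;`. The new `if` is also unbraced while the length check right after it is braced; bracing it would keep the early return from being detached by a later edit. The body of exif_scan_thumbnail starts and ends outside the hunk, so the types of `pos` and `Thumbnail.size` should be confirmed there before settling on the exact comparison.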