File php-CVE-2019-11034.patch of Package php7.14228
X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fexif%2Fexif.c;h=0b5bb5ae2123989a28b2112ab5506777083ad9d5;hp=fe89b854711879274555bdc762ea6e7fa518fa59;hb=f3aefc6d071b807ddacae0a0bc49f09c38e18490;hpb=0ecac37c40a27ffbd59f34b5920735ee0b7f994c
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index fe89b85..0b5bb5a 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
return FALSE;
}
+ if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
+ return FALSE;
+ }
for (de=0;de<NumDirEntries;de++) {
if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,