File php-CVE-2019-9638,9639.patch of Package php7.24162

Index: php-7.2.5/ext/exif/exif.c
===================================================================
--- php-7.2.5.orig/ext/exif/exif.c	2019-03-19 11:47:31.254886961 +0100
+++ php-7.2.5/ext/exif/exif.c	2019-03-19 11:49:09.123455967 +0100
@@ -3149,7 +3149,7 @@ static int exif_process_IFD_in_MAKERNOTE
 		break;
 	}
 	
-	if (maker_note->offset >= value_len) {
+	if (value_len < 2 || maker_note->offset >= value_len - 1) {
 		/* Do not go past the value end */
 		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X offset 0x%04X", value_len, maker_note->offset);
 		return FALSE;
@@ -3204,6 +3204,7 @@ static int exif_process_IFD_in_MAKERNOTE
 #endif
 		default:
 		case MN_OFFSET_NORMAL:
+			data_len = value_len;
 			break;
 	}
 
openSUSE Build Service is sponsored by