|
1 CVE-2014-3670 |
|
2 Community BUG: |
|
3 https://bugs.php.net/bug.php?id=68113 |
|
4 Community CODE: |
|
5 http://git.php.net/?p=php-src.git;a=commit;h=ddb207e7fa2e9adeba021a1303c3781efda5409b |
|
6 Below is the community patch. |
|
7 |
|
8 Not including the test files at the moment: |
|
9 ext/exif/tests/bug68113.jpg |
|
10 ext/exif/tests/bug68113.phpt |
|
11 because our version of gpatch doesn't understand the git binary data file. |
|
12 |
|
13 |
|
14 From ddb207e7fa2e9adeba021a1303c3781efda5409b Mon Sep 17 00:00:00 2001 |
|
15 From: Stanislav Malyshev <[email protected]> |
|
16 Date: Sun, 28 Sep 2014 16:57:42 -0700 |
|
17 Subject: [PATCH] Fix bug #68113 (Heap corruption in exif_thumbnail()) |
|
18 |
|
19 --- |
|
20 ext/exif/exif.c | 4 ++-- |
|
21 ext/exif/tests/bug68113.jpg | Bin 0 -> 368 bytes |
|
22 ext/exif/tests/bug68113.phpt | 17 +++++++++++++++++ |
|
23 3 files changed, 19 insertions(+), 2 deletions(-) |
|
24 create mode 100755 ext/exif/tests/bug68113.jpg |
|
25 create mode 100644 ext/exif/tests/bug68113.phpt |
|
26 |
|
27 diff --git a/ext/exif/exif.c b/ext/exif/exif.c |
|
28 index 38907b4..637ebf9 100644 |
|
29 --- a/ext/exif/exif.c |
|
30 +++ b/ext/exif/exif.c |
|
31 @@ -2426,11 +2426,11 @@ static void* exif_ifd_make_value(image_info_data *info_data, int motorola_intel |
|
32 data_ptr += 8; |
|
33 break; |
|
34 case TAG_FMT_SINGLE: |
|
35 - memmove(data_ptr, &info_data->value.f, byte_count); |
|
36 + memmove(data_ptr, &info_value->f, 4); |
|
37 data_ptr += 4; |
|
38 break; |
|
39 case TAG_FMT_DOUBLE: |
|
40 - memmove(data_ptr, &info_data->value.d, byte_count); |
|
41 + memmove(data_ptr, &info_value->d, 8); |
|
42 data_ptr += 8; |
|
43 break; |
|
44 } |