summaryrefslogtreecommitdiffstats
path: root/bug73737.patch
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2017-02-18 08:58:42 +0100
committerRemi Collet <fedora@famillecollet.com>2017-02-18 08:58:42 +0100
commit0e26c7b3a2d48b2fe256b8b7074b02218cfd46c1 (patch)
tree0c035b4ea81cae8024e5eedb4db8d837acce626b /bug73737.patch
parent7ffbd4270341b5ad5bc6a5e81edfc003ea92e5e0 (diff)
PHP 5.6.38-7 (security fix from 5.6.30)
Diffstat (limited to 'bug73737.patch')
-rw-r--r--bug73737.patch154
1 files changed, 154 insertions, 0 deletions
diff --git a/bug73737.patch b/bug73737.patch
new file mode 100644
index 0000000..36fd6a6
--- /dev/null
+++ b/bug73737.patch
@@ -0,0 +1,154 @@
+Backported from 5.6.30 by Remi.
+Binary parts dropped
+
+
+From 1cda0d7c2ffb62d8331c64e703131d9cabdc03ea Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 31 Dec 2016 19:31:49 -0800
+Subject: [PATCH] Fix bug #73737 FPE when parsing a tag format
+
+---
+ ext/exif/exif.c | 2 +-
+ ext/exif/tests/bug73737.phpt | 12 ++++++++++++
+ ext/exif/tests/bug73737.tiff | Bin 0 -> 48 bytes
+ 3 files changed, 13 insertions(+), 1 deletion(-)
+ create mode 100644 ext/exif/tests/bug73737.phpt
+ create mode 100644 ext/exif/tests/bug73737.tiff
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index 8b0e34c..83daee6 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -1313,7 +1313,7 @@ static size_t exif_convert_any_to_int(void *value, int format, int motorola_inte
+ if (s_den == 0) {
+ return 0;
+ } else {
+- return php_ifd_get32s(value, motorola_intel) / s_den;
++ return (size_t)((double)php_ifd_get32s(value, motorola_intel) / s_den);
+ }
+
+ case TAG_FMT_SSHORT: return php_ifd_get16u(value, motorola_intel);
+
+--
+2.1.4
+
+From 900b17b15fd5d29b6575b175b2b120ffab3adc96 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <nikic@php.net>
+Date: Thu, 5 Jan 2017 11:37:06 +0100
+Subject: [PATCH] Fix printf modifier
+
+---
+ ext/exif/exif.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index 83daee6..3663b3f 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -2865,7 +2865,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
+ }
+
+ if (components < 0) {
+- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%d)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
+ return FALSE;
+ }
+
+--
+2.1.4
+
+From 0ab1af7d3eff815e1809fe044e54283b5a1b8e27 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 15 Jan 2017 17:31:08 -0800
+Subject: [PATCH] Update more functions with path check
+
+---
+ ext/curl/curl_file.c | 2 +-
+ ext/exif/exif.c | 2 +-
+ ext/zip/php_zip.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ext/curl/curl_file.c b/ext/curl/curl_file.c
+index 029a58a..9792492 100644
+--- a/ext/curl/curl_file.c
++++ b/ext/curl/curl_file.c
+@@ -35,7 +35,7 @@ static void curlfile_ctor(INTERNAL_FUNCTION_PARAMETERS)
+ int fname_len, mime_len, postname_len;
+ zval *cf = return_value;
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ss", &fname, &fname_len, &mime, &mime_len, &postname, &postname_len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p|ss", &fname, &fname_len, &mime, &mime_len, &postname, &postname_len) == FAILURE) {
+ return;
+ }
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index 3663b3f..1c8772f 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -4220,7 +4220,7 @@ PHP_FUNCTION(exif_imagetype)
+ php_stream * stream;
+ int itype = 0;
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &imagefile, &imagefile_len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "p", &imagefile, &imagefile_len) == FAILURE) {
+ return;
+ }
+
+
+--
+2.1.4
+
+From 814966ad33f9a734e422e34327256d58a91d1272 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 15 Jan 2017 18:42:22 -0800
+Subject: [PATCH] Fix test
+
+---
+ ext/exif/tests/exif_imagetype_variation1.phpt | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ext/exif/tests/exif_imagetype_variation1.phpt b/ext/exif/tests/exif_imagetype_variation1.phpt
+index 767ed5f..d33217c 100644
+--- a/ext/exif/tests/exif_imagetype_variation1.phpt
++++ b/ext/exif/tests/exif_imagetype_variation1.phpt
+@@ -142,23 +142,23 @@ Warning: exif_imagetype(0.5): failed to open stream: No such file or directory i
+ bool(false)
+ -- Iteration 10 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
+ NULL
+ -- Iteration 11 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
+ NULL
+ -- Iteration 12 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
+ NULL
+ -- Iteration 13 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
+ NULL
+ -- Iteration 14 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, array given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, array given in %s on line %d
+ NULL
+ -- Iteration 15 --
+
+@@ -198,7 +198,7 @@ Warning: exif_imagetype(obj'ct): failed to open stream: No such file or director
+ bool(false)
+ -- Iteration 24 --
+
+-Warning: exif_imagetype() expects parameter 1 to be string, resource given in %s on line %d
++Warning: exif_imagetype() expects parameter 1 to be a valid path, resource given in %s on line %d
+ NULL
+ -- Iteration 25 --
+
+--
+2.1.4
+