From 54c47c5cbf037ce982bf1868f79051c8af88bad3 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 12 Mar 2019 11:05:11 +0100 Subject: Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/ --- php-bug77540.patch | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'php-bug77540.patch') diff --git a/php-bug77540.patch b/php-bug77540.patch index 228c59d..946b3cb 100644 --- a/php-bug77540.patch +++ b/php-bug77540.patch @@ -1,19 +1,15 @@ -Backported for 5.6 from 7.1 by remi -without binary diff - - - -From 5e824a88d073d282c4f358f186cb87ddc284f83d Mon Sep 17 00:00:00 2001 +From 3f875bf0da30b46aaa772367b9638b867e2b7690 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Fri, 1 Mar 2019 23:25:45 -0800 Subject: [PATCH] Fix integer overflows on 32-bits +(cherry picked from commit 5e824a88d073d282c4f358f186cb87ddc284f83d) --- ext/exif/exif.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index cbde3effedf9..b4563927a505 100644 +index cad29b7295..47055a180c 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3577,10 +3577,10 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse @@ -53,11 +49,12 @@ index cbde3effedf9..b4563927a505 100644 exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Error in TIFF: filesize(x%04X) less than size of IFD(x%04X + x%04X)", ImageInfo->FileSize, dir_offset, ifd_size); return FALSE; } -From 5f0e62a3e5b525163e538aaab0161c2c8c5d057b Mon Sep 17 00:00:00 2001 +From 67d1a5b7d7330ceb414fd3d33ab3243fc06fa0dc Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Sat, 2 Mar 2019 13:38:00 -0800 Subject: [PATCH] Fix bug #77540 - Invalid Read on exif_process_SOFn +(cherry picked from commit 5f0e62a3e5b525163e538aaab0161c2c8c5d057b) --- ext/exif/exif.c | 10 ++++++++-- ext/exif/tests/bug77540.jpg | Bin 0 -> 91 bytes @@ -67,10 +64,10 @@ Subject: [PATCH] Fix bug #77540 - Invalid Read on exif_process_SOFn create mode 100644 ext/exif/tests/bug77540.phpt diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index b4563927a505..ea88a8f115e8 100644 +index 47055a180c..5497068fb1 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c -@@ -3519,7 +3519,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) +@@ -3519,7 +3519,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo TSRMLS_DC) return FALSE; marker = c; length = php_jpg_get16(data+pos); @@ -79,7 +76,7 @@ index b4563927a505..ea88a8f115e8 100644 return FALSE; } #ifdef EXIF_DEBUG -@@ -3540,6 +3540,10 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) +@@ -3540,6 +3540,10 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo TSRMLS_DC) case M_SOF14: case M_SOF15: /* handle SOFn block */ @@ -101,3 +98,4 @@ index b4563927a505..ea88a8f115e8 100644 } zval_dtor(p_width); zval_dtor(p_height); + -- cgit