From 9f38c4dd4597e41bdd0747f7e1ab8c4cfb614487 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 30 Jul 2019 12:36:20 +0200
Subject: - exif:   Fix #78256 heap-buffer-overflow on
 exif_process_user_comment   CVE-2019-11042   Fix #78222 heap-buffer-overflow
 on exif_scan_thumbnail   CVE-2019-11041 - phar:   Fix #77919 Potential UAF in
 Phar RSHUTDOWN

---
 php-bug78222.patch | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 php-bug78222.patch

(limited to 'php-bug78222.patch')

diff --git a/php-bug78222.patch b/php-bug78222.patch
new file mode 100644
index 0000000..adbb0f1
--- /dev/null
+++ b/php-bug78222.patch
@@ -0,0 +1,32 @@
+Without test as binary patch not supported
+
+
+
+
+From 2a0f13b2321381cf8772ff6ac10bbb8d2820b8f9 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 7 Jul 2019 17:01:01 -0700
+Subject: [PATCH] Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
+
+(cherry picked from commit dea2989ab8ba87a6180af497b2efaf0527e985c5)
+---
+ ext/exif/exif.c              |   2 +-
+ ext/exif/tests/bug78222.jpg  | Bin 0 -> 91 bytes
+ ext/exif/tests/bug78222.phpt |  11 +++++++++++
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+ create mode 100644 ext/exif/tests/bug78222.jpg
+ create mode 100644 ext/exif/tests/bug78222.phpt
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index dd7d268bbd..8b379bbb7f 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -3497,7 +3497,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo)
+ 	size_t          length=2, pos=0;
+ 	jpeg_sof_info   sof_info;
+ 
+-	if (!data) {
++	if (!data || ImageInfo->Thumbnail.size < 4) {
+ 		return FALSE; /* nothing to do here */
+ 	}
+ 	if (memcmp(data, "\xFF\xD8\xFF", 3)) {
-- 
cgit