b7b0e363 ER |
1 | Adjusted for PHP 5.2.17 |
2 | Author: Elan Ruusamäe <glen@pld-linux.org> | |
3 | ||
4 | From: Stanislav Malyshev <stas@php.net> | |
5 | Date: Sun, 11 Jan 2015 08:51:05 +0000 (-0800) | |
6 | Subject: Fix bug #68799: Free called on unitialized pointer | |
7 | X-Git-Tag: php-5.4.37~5^2 | |
8 | X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=2fc178cf448d8e1b95d1314e47eeef610729e0df;hp=f9ad3086693fce680fbe246e4a45aa92edd2ac35 | |
9 | ||
10 | Fix bug #68799: Free called on unitialized pointer | |
11 | --- | |
12 | ||
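--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2721,6 +2721,7 @@
 static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC)
 {
 xp_field->tag = tag;
+ xp_field->value = NULL;
 
 /* Copy the comment */
 #if EXIF_USE_MBSTRING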
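Review bot: The added `xp_field->value = NULL;` at the top of exif_process_unicode() has no comment tying it to the free it protects, so it reads as a redundant store and is easy to drop in a later cleanup. A one-line comment such as `/* value may be freed by cleanup even if we bail out before allocating it; never leave it uninitialized */` would record the invariant. That wording is inferred from the bug title, because the early-exit path and the free itself are outside this hunk, as is the rest of the function body. Since the data comes from EXIF tags in an image file that is often untrusted, it is also worth confirming that the code which allocates the xp_field entry leaves no other member (a size field, if the struct has one) uninitialized on the same path.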
23 | diff --git a/ext/exif/tests/bug68799.jpg b/ext/exif/tests/bug68799.jpg | |
24 | new file mode 100644 | |
25 | index 0000000..acc326d | |
26 | Binary files /dev/null and b/ext/exif/tests/bug68799.jpg differ | |
27 | diff --git a/ext/exif/tests/bug68799.phpt b/ext/exif/tests/bug68799.phpt | |
28 | new file mode 100644 | |
29 | index 0000000..b09f21c | |
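--- /dev/null
+++ b/ext/exif/tests/bug68799.phpt
@@ -0,0 +1,63 @@
+--TEST--
+Bug #68799 (Free called on unitialized pointer)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+/*
+* Pollute the heap. Helps trigger bug. Sometimes not needed.
+*/
+class A {
+ function __construct() {
+ $a = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa';
+ $this->a = $a . $a . $a . $a . $a . $a;
+ }
+};
+
+function doStuff ($limit) {
+
+ $a = new A;
+
+ $b = array();
+ for ($i = 0; $i < $limit; $i++) {
+ $b[$i] = clone $a;
+ }
+
+ unset($a);
+
+ //gc_collect_cycles();
+}
+
+$iterations = 3;
+
+doStuff($iterations);
+doStuff($iterations);
+
+//gc_collect_cycles();
+
+print_r(exif_read_data(__DIR__.'/bug68799.jpg'));
+
+?>
+--EXPECTF--
+Array
+(
+ [FileName] => bug68799.jpg
+ [FileDateTime] => %d
+ [FileSize] => 735
+ [FileType] => 2
+ [MimeType] => image/jpeg
+ [SectionsFound] => ANY_TAG, IFD0, WINXP
+ [COMPUTED] => Array
+ (
+ [html] => width="1" height="1"
+ [Height] => 1
+ [Width] => 1
+ [IsColor] => 1
+ [ByteOrderMotorola] => 1
+ )
+
+ [XResolution] => 96/1
+ [YResolution] => 96/1
+ [ResolutionUnit] => 2
+ [Author] =>
+)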
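Review bot: The test still calls `exif_read_data(__DIR__.'/bug68799.jpg')`, but `__DIR__` exists only from PHP 5.3 and the patch header says it was adjusted for PHP 5.2.17. On 5.2 the bare word is taken as the string '__DIR__', so the fixture path is wrong and the test fails for a reason unrelated to the bug. Use `print_r(exif_read_data(dirname(__FILE__).'/bug68799.jpg'));` instead, in line with the two gc_collect_cycles() calls that were apparently commented out for the same reason. The fixture also appears in this patch only as a "Binary files /dev/null and b/ext/exif/tests/bug68799.jpg differ" record, so a plain patch application presumably does not create the image. It would have to be shipped separately for this regression test to exercise the fix at all.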