projects / packages / php.git / blame
| Commit | Line | Data |
|---|---|---|
| b7b0e363 ER |
1 | Adjusted for PHP 5.2.17 |
| 2 | Author: Elan Ruusamäe <glen@pld-linux.org> | |
| 3 | ||
| 4 | From: Stanislav Malyshev <stas@php.net> | |
| 5 | Date: Sun, 11 Jan 2015 08:51:05 +0000 (-0800) | |
| 6 | Subject: Fix bug #68799: Free called on unitialized pointer | |
| 7 | X-Git-Tag: php-5.4.37~5^2 | |
| 8 | X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=2fc178cf448d8e1b95d1314e47eeef610729e0df;hp=f9ad3086693fce680fbe246e4a45aa92edd2ac35 | |
| 9 | ||
| 10 | Fix bug #68799: Free called on unitialized pointer | |
| 11 | --- | |
| 12 | ||
| 13 | --- php-5.2.17/ext/exif/exif.c~ 2015-02-23 12:38:58.000000000 +0200 | |
| 14 | +++ php-5.2.17/ext/exif/exif.c 2015-02-23 12:41:41.138901305 +0200 | |
| 15 | @@ -2721,6 +2721,7 @@ | |
| 16 | static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC) | |
| 17 | { | |
| 18 | xp_field->tag = tag; | |
| 19 | + xp_field->value = NULL; | |
| 20 | ||
| 21 | /* Copy the comment */ | |
| 22 | #if EXIF_USE_MBSTRING | |
| 23 | diff --git a/ext/exif/tests/bug68799.jpg b/ext/exif/tests/bug68799.jpg | |
| 24 | new file mode 100644 | |
| 25 | index 0000000..acc326d | |
| 26 | Binary files /dev/null and b/ext/exif/tests/bug68799.jpg differ | |
| 27 | diff --git a/ext/exif/tests/bug68799.phpt b/ext/exif/tests/bug68799.phpt | |
| 28 | new file mode 100644 | |
| 29 | index 0000000..b09f21c | |
| 30 | --- /dev/null | |
| 31 | +++ b/ext/exif/tests/bug68799.phpt | |
| 32 | @@ -0,0 +1,63 @@ | |
| 33 | +--TEST-- | |
| 34 | +Bug #68799 (Free called on unitialized pointer) | |
| 35 | +--SKIPIF-- | |
| 36 | +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?> | |
| 37 | +--FILE-- | |
| 38 | +<?php | |
| 39 | +/* | |
| 40 | +* Pollute the heap. Helps trigger bug. Sometimes not needed. | |
| 41 | +*/ | |
| 42 | +class A { | |
| 43 | + function __construct() { | |
| 44 | + $a = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa'; | |
| 45 | + $this->a = $a . $a . $a . $a . $a . $a; | |
| 46 | + } | |
| 47 | +}; | |
| 48 | + | |
| 49 | +function doStuff ($limit) { | |
| 50 | + | |
| 51 | + $a = new A; | |
| 52 | + | |
| 53 | + $b = array(); | |
| 54 | + for ($i = 0; $i < $limit; $i++) { | |
| 55 | + $b[$i] = clone $a; | |
| 56 | + } | |
| 57 | + | |
| 58 | + unset($a); | |
| 59 | + | |
| 14ec4521 | 60 | + //gc_collect_cycles(); |
| b7b0e363 ER |
61 | +} |
| 62 | + | |
| 63 | +$iterations = 3; | |
| 64 | + | |
| 65 | +doStuff($iterations); | |
| 66 | +doStuff($iterations); | |
| 67 | + | |
| 14ec4521 | 68 | +//gc_collect_cycles(); |
| b7b0e363 ER |
69 | + |
| 70 | +print_r(exif_read_data(__DIR__.'/bug68799.jpg')); | |
| 71 | + | |
| 72 | +?> | |
| 73 | +--EXPECTF-- | |
| 74 | +Array | |
| 75 | +( | |
| 76 | + [FileName] => bug68799.jpg | |
| 77 | + [FileDateTime] => %d | |
| 78 | + [FileSize] => 735 | |
| 79 | + [FileType] => 2 | |
| 80 | + [MimeType] => image/jpeg | |
| 81 | + [SectionsFound] => ANY_TAG, IFD0, WINXP | |
| 82 | + [COMPUTED] => Array | |
| 83 | + ( | |
| 84 | + [html] => width="1" height="1" | |
| 85 | + [Height] => 1 | |
| 86 | + [Width] => 1 | |
| 87 | + [IsColor] => 1 | |
| 88 | + [ByteOrderMotorola] => 1 | |
| 89 | + ) | |
| 90 | + | |
| 91 | + [XResolution] => 96/1 | |
| 92 | + [YResolution] => 96/1 | |
| 93 | + [ResolutionUnit] => 2 | |
| 94 | + [Author] => | |
| 95 | +) |