1 Adjusted for PHP 5.2.17
2 Author: Elan Ruusamäe <glen@pld-linux.org>
4 From: Stanislav Malyshev <stas@php.net>
5 Date: Sun, 11 Jan 2015 08:51:05 +0000 (-0800)
6 Subject: Fix bug #68799: Free called on unitialized pointer
7 X-Git-Tag: php-5.4.37~5^2
8 X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=2fc178cf448d8e1b95d1314e47eeef610729e0df;hp=f9ad3086693fce680fbe246e4a45aa92edd2ac35
10 Fix bug #68799: Free called on unitialized pointer
13 --- php-5.2.17/ext/exif/exif.c~ 2015-02-23 12:38:58.000000000 +0200
14 +++ php-5.2.17/ext/exif/exif.c 2015-02-23 12:41:41.138901305 +0200
16 static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC)
19 + xp_field->value = NULL;
21 /* Copy the comment */
23 diff --git a/ext/exif/tests/bug68799.jpg b/ext/exif/tests/bug68799.jpg
25 index 0000000..acc326d
26 Binary files /dev/null and b/ext/exif/tests/bug68799.jpg differ
27 diff --git a/ext/exif/tests/bug68799.phpt b/ext/exif/tests/bug68799.phpt
29 index 0000000..b09f21c
31 +++ b/ext/exif/tests/bug68799.phpt
34 +Bug #68799 (Free called on unitialized pointer)
36 +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
40 +* Pollute the heap. Helps trigger bug. Sometimes not needed.
43 + function __construct() {
44 + $a = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa';
45 + $this->a = $a . $a . $a . $a . $a . $a;
49 +function doStuff ($limit) {
54 + for ($i = 0; $i < $limit; $i++) {
60 + //gc_collect_cycles();
65 +doStuff($iterations);
66 +doStuff($iterations);
68 +//gc_collect_cycles();
70 +print_r(exif_read_data(__DIR__.'/bug68799.jpg'));
76 + [FileName] => bug68799.jpg
77 + [FileDateTime] => %d
80 + [MimeType] => image/jpeg
81 + [SectionsFound] => ANY_TAG, IFD0, WINXP
84 + [html] => width="1" height="1"
88 + [ByteOrderMotorola] => 1
91 + [XResolution] => 96/1
92 + [YResolution] => 96/1
93 + [ResolutionUnit] => 2