--- /dev/null
+Adjusted for PHP 5.2.17
+Author: Elan Ruusamäe <glen@pld-linux.org>
+
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 11 Jan 2015 08:51:05 +0000 (-0800)
+Subject: Fix bug #68799: Free called on unitialized pointer
+X-Git-Tag: php-5.4.37~5^2
+X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=commitdiff_plain;h=2fc178cf448d8e1b95d1314e47eeef610729e0df;hp=f9ad3086693fce680fbe246e4a45aa92edd2ac35
+
+Fix bug #68799: Free called on unitialized pointer
+---
+
+--- php-5.2.17/ext/exif/exif.c~ 2015-02-23 12:38:58.000000000 +0200
++++ php-5.2.17/ext/exif/exif.c 2015-02-23 12:41:41.138901305 +0200
+@@ -2721,6 +2721,7 @@
+ static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC)
+ {
+ xp_field->tag = tag;
++ xp_field->value = NULL;
+
+ /* Copy the comment */
+ #if EXIF_USE_MBSTRING
+diff --git a/ext/exif/tests/bug68799.jpg b/ext/exif/tests/bug68799.jpg
+new file mode 100644
+index 0000000..acc326d
+Binary files /dev/null and b/ext/exif/tests/bug68799.jpg differ
+diff --git a/ext/exif/tests/bug68799.phpt b/ext/exif/tests/bug68799.phpt
+new file mode 100644
+index 0000000..b09f21c
+--- /dev/null
++++ b/ext/exif/tests/bug68799.phpt
+@@ -0,0 +1,63 @@
++--TEST--
++Bug #68799 (Free called on unitialized pointer)
++--SKIPIF--
++<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
++--FILE--
++<?php
++/*
++* Pollute the heap. Helps trigger bug. Sometimes not needed.
++*/
++class A {
++ function __construct() {
++ $a = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa';
++ $this->a = $a . $a . $a . $a . $a . $a;
++ }
++};
++
++function doStuff ($limit) {
++
++ $a = new A;
++
++ $b = array();
++ for ($i = 0; $i < $limit; $i++) {
++ $b[$i] = clone $a;
++ }
++
++ unset($a);
++
++ gc_collect_cycles();
++}
++
++$iterations = 3;
++
++doStuff($iterations);
++doStuff($iterations);
++
++gc_collect_cycles();
++
++print_r(exif_read_data(__DIR__.'/bug68799.jpg'));
++
++?>
++--EXPECTF--
++Array
++(
++ [FileName] => bug68799.jpg
++ [FileDateTime] => %d
++ [FileSize] => 735
++ [FileType] => 2
++ [MimeType] => image/jpeg
++ [SectionsFound] => ANY_TAG, IFD0, WINXP
++ [COMPUTED] => Array
++ (
++ [html] => width="1" height="1"
++ [Height] => 1
++ [Width] => 1
++ [IsColor] => 1
++ [ByteOrderMotorola] => 1
++ )
++
++ [XResolution] => 96/1
++ [YResolution] => 96/1
++ [ResolutionUnit] => 2
++ [Author] =>
++)
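Review bot: The regression test carried in this patch (ext/exif/tests/bug68799.phpt) cannot run on the 5.2.17 tree it is adjusted for: `gc_collect_cycles()` and `__DIR__` both arrived in PHP 5.3, and the `bug68799.jpg` fixture is only a "Binary files ... differ" stub, so `patch` creates no image. As it stands, the one-line `xp_field->value = NULL;` backport in exif_process_unicode has no working check behind it in this package. Either drop the test hunks or adapt them, e.g. `print_r(exif_read_data(dirname(__FILE__).'/bug68799.jpg'));` and `if (function_exists('gc_collect_cycles')) gc_collect_cycles();`, and ship the JPEG as a separate source file. The body of exif_process_unicode continues outside the inner hunk, so it is worth confirming against the 5.2.17 source that every later exit path either assigns `value` or leaves it NULL before the cleanup code frees it.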
%define magic_mime /usr/share/misc/magic.mime
%endif
-%define rel 9
+%define rel 10
%define orgname php
%define ver_suffix 52
%define php_suffix %{!?with_default_php:%{ver_suffix}}
Patch73: CVE-2013-6420.patch
Patch74: CVE-2013-4073.patch
Patch75: php-secbug-67498.patch
+Patch76: CVE-2015-0232.patch
# CENTALT patches
# Backport from 5.3.6
Patch311: php-5.3.6-bug-47435.patch
%patch73 -p1
%patch74 -p1
%patch75 -p1
+%patch76 -p1
# Bugfix backport from 5.3.6
%patch311 -p1 -b .bug-47435