1 diff -Naur php-5.3.29-original/ext/exif/exif.c php-5.3.29/ext/exif/exif.c
2 --- php-5.3.29-original/ext/exif/exif.c 2015-01-25 09:16:22.648788988 +0000
3 +++ php-5.3.29/ext/exif/exif.c 2015-01-25 09:18:41.496792186 +0000
5 static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC)
9 + xp_field->value = NULL;
10 /* Copy the comment */
12 /* What if MS supports big-endian with XP? */
13 diff -Naur php-5.3.29-original/ext/exif/tests/bug68799.jpg php-5.3.29/ext/exif/tests/bug68799.jpg
14 --- php-5.3.29-original/ext/exif/tests/bug68799.jpg 1970-01-01 00:00:00.000000000 +0000
15 +++ php-5.3.29/ext/exif/tests/bug68799.jpg 2015-01-25 09:17:00.859789868 +0000
17 +ÿØÿà
\0\10JFIF
\0\ 1@ABCDEFGÿá
\0fExif
\0\0MM
\0*
\0\0\0\b\0\ 4\ 1\1a\0\ 5\0\0\0\ 1\0\0\0>
\ 1\e\0\ 5\0\0\0\ 1\0\0\0F
\ 1(
\0\ 3\0\0\0\ 1\0\ 2\0\0\9c\9d\0\ 2\0\0\0\0\0\0\0N
\0\0\0\0\0\0\0`
\0\0\0\ 1\0\0\0`
\0\0\0\ 1paint.net 4.0.3
\0ÿÛ
\0C
\0\ 2\ 1\ 1\ 2\ 1\ 1\ 2\ 2\ 2\ 2\ 2\ 2\ 2\ 2\ 3\ 5\ 3\ 3\ 3\ 3\ 3\ 6\ 4\ 4\ 3\ 5\a\ 6\a\a\a\ 6\a\a\b \v \b\b
21 +
\v\f\f\f\f\a \ e\ f\r\f\ e\v\f\f\fÿÛ
\0C
\ 1\ 2\ 2\ 2\ 3\ 3\ 3\ 6\ 3\ 3\ 6\f\b\a\b\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\f\fÿÀ
\0\11\b\0\ 1\0\ 1\ 3\ 1"
\0\ 2\11\ 1\ 3\11\ 1ÿÄ
\0\1f\0\0\ 1\ 5\ 1\ 1\ 1\ 1\ 1\ 1\0\0\0\0\0\0\0\0\ 1\ 2\ 3\ 4\ 5\ 6\a\b
22 +
\vÿÄ
\0µ
\10\0\ 2\ 1\ 3\ 3\ 2\ 4\ 3\ 5\ 5\ 4\ 4\0\0\ 1}
\ 1\ 2\ 3\0\ 4\11\ 5\12!1A
\ 6\13Qa
\a"q
\142
\81\91¡
\b#B±Á
\15RÑð$3br
\82
23 +
\16\17\18\19\1a%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
\83\84\85\86\87\88\89\8a\92\93\94\95\96\97\98\99\9a¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ
\0\1f\ 1\0\ 3\ 1\ 1\ 1\ 1\ 1\ 1\ 1\ 1\ 1\0\0\0\0\0\0\ 1\ 2\ 3\ 4\ 5\ 6\a\b
24 +
\vÿÄ
\0µ
\11\0\ 2\ 1\ 2\ 4\ 4\ 3\ 4\a\ 5\ 4\ 4\0\ 1\ 2w
\0\ 1\ 2\ 3\11\ 4\ 5!1
\ 6\12AQ
\aaq
\13"2
\81\b\14B
\91¡±Á #3Rð
\15brÑ
25 +
\16$4á%ñ
\17\18\19\1a&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
\82\83\84\85\86\87\88\89\8a\92\93\94\95\96\97\98\99\9a¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ
\0\f\ 3\ 1\0\ 2\11\ 3\11\0?
\0ýü¢
\8a(
\ 3ÿÙ
26 \ No newline at end of file
27 diff -Naur php-5.3.29-original/ext/exif/tests/bug68799.phpt php-5.3.29/ext/exif/tests/bug68799.phpt
28 --- php-5.3.29-original/ext/exif/tests/bug68799.phpt 1970-01-01 00:00:00.000000000 +0000
29 +++ php-5.3.29/ext/exif/tests/bug68799.phpt 2015-01-25 09:17:00.861789868 +0000
32 +Bug #68799 (Free called on unitialized pointer)
34 +<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
38 +* Pollute the heap. Helps trigger bug. Sometimes not needed.
41 + function __construct() {
42 + $a = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa';
43 + $this->a = $a . $a . $a . $a . $a . $a;
47 +function doStuff ($limit) {
52 + for ($i = 0; $i < $limit; $i++) {
58 + gc_collect_cycles();
63 +doStuff($iterations);
64 +doStuff($iterations);
68 +print_r(exif_read_data(__DIR__.'/bug68799.jpg'));
74 + [FileName] => bug68799.jpg
75 + [FileDateTime] => %d
78 + [MimeType] => image/jpeg
79 + [SectionsFound] => ANY_TAG, IFD0, WINXP
82 + [html] => width="1" height="1"
86 + [ByteOrderMotorola] => 1
89 + [XResolution] => 96/1
90 + [YResolution] => 96/1
91 + [ResolutionUnit] => 2