[gentoo-commits] proj/php-patches:php5.6 commit in: / - gentoo-commits

From:	Brian Evans <grknight@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/php-patches:php5.6 commit in: /
Date:	Thu, 02 May 2019 12:54:37
Message-Id:	`1556801634.61e682ea2f4a7084235b814159f1db1b23878abe.grknight@gentoo`

1

commit:     61e682ea2f4a7084235b814159f1db1b23878abe

2

Author:     Brian Evans <grknight <AT> gentoo <DOT> org>

3

AuthorDate: Thu May  2 12:53:54 2019 +0000

4

Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>

5

CommitDate: Thu May  2 12:53:54 2019 +0000

6

URL:        https://gitweb.gentoo.org/proj/php-patches.git/commit/?id=61e682ea

7

8

Add backports from php 7.1.29

9

10

Signed-off-by: Brian Evans <grknight <AT> gentoo.org>

11

12

 00170_May2019-backports.patch |  52 ++++++++++++++++++++++++++++++++++++++++++

13

 bug77950.tiff                 | Bin 0 -> 1267 bytes

14

 2 files changed, 52 insertions(+)

15

16

diff --git a/00170_May2019-backports.patch b/00170_May2019-backports.patch

17

new file mode 100644

18

index 0000000..463768f

19

--- /dev/null

20

+++ b/00170_May2019-backports.patch

21

@@ -0,0 +1,52 @@

22

+From 7cbf6a0ca98a187be1b31b1e85935319430d9e61 Mon Sep 17 00:00:00 2001

23

+From: Stanislav Malyshev <stas@×××.net>

24

+Date: Mon, 29 Apr 2019 23:38:12 -0700

25

+Subject: [PATCH] Fix bug #77950 - Heap-buffer-overflow in _estrndup via

26

+ exif_process_IFD_TAG

27

+

28

+I do not completely understand what is going on there, but I am pretty

29

+sure dir_entry <= offset_base if not a normal situation, so we better not

30

+to rely on such dir_entry.

31

+

32

+(cherry picked from commit f80ad18afae2230c2c1802c7d829100af646874e)

33

+---

34

+ NEWS                         |  12 ++++++++++--

35

+ ext/exif/exif.c              |   2 +-

36

+ ext/exif/tests/bug77950.phpt |  12 ++++++++++++

37

+ ext/exif/tests/bug77950.tiff | Bin 0 -> 1267 bytes

38

+ 4 files changed, 23 insertions(+), 3 deletions(-)

39

+ create mode 100644 ext/exif/tests/bug77950.phpt

40

+ create mode 100644 ext/exif/tests/bug77950.tiff

41

+

42

+diff --git a/ext/exif/exif.c b/ext/exif/exif.c

43

+index 81cf438a8e..15e091b6c5 100644

44

+--- a/ext/exif/exif.c

45

++++ b/ext/exif/exif.c

46

+@@ -2901,7 +2901,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha

47

+             offset_base is ImageInfo->file.list[sn].data-dir_offset

48

+             dir_entry - offset_base is dir_offset+2+i*12

49

+         */

50

+-		if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base)) {

51

++		if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base) || dir_entry <= offset_base) {

52

+ 			/* It is important to check for IMAGE_FILETYPE_TIFF

53

+ 			 * JPEG does not use absolute pointers instead its pointers are

54

+ 			 * relative to the start of the TIFF header in APP1 section. */

55

+diff --git a/ext/exif/tests/bug77950.phpt b/ext/exif/tests/bug77950.phpt

56

+new file mode 100644

57

+index 0000000000..dc0f3549cb

58

+--- /dev/null

59

++++ b/ext/exif/tests/bug77950.phpt

60

+@@ -0,0 +1,12 @@

61

++--TEST--

62

++Bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG)

63

++--SKIPIF--

64

++<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>

65

++--FILE--

66

++<?php

67

++exif_read_data(__DIR__."/bug77950.tiff");

68

++?>

69

++DONE

70

++--EXPECTF--

71

++%A

72

++DONE

73

+\ No newline at end of file

74

75

diff --git a/bug77950.tiff b/bug77950.tiff

76

new file mode 100644

77

index 0000000..5c8250a

78

Binary files /dev/null and b/bug77950.tiff differ

1	commit: 61e682ea2f4a7084235b814159f1db1b23878abe
2	Author: Brian Evans <grknight <AT> gentoo <DOT> org>
3	AuthorDate: Thu May 2 12:53:54 2019 +0000
4	Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
5	CommitDate: Thu May 2 12:53:54 2019 +0000
6	URL: https://gitweb.gentoo.org/proj/php-patches.git/commit/?id=61e682ea
7
8	Add backports from php 7.1.29
9
10	Signed-off-by: Brian Evans <grknight <AT> gentoo.org>
11
12	00170_May2019-backports.patch \| 52 ++++++++++++++++++++++++++++++++++++++++++
13	bug77950.tiff \| Bin 0 -> 1267 bytes
14	2 files changed, 52 insertions(+)
15
16	diff --git a/00170_May2019-backports.patch b/00170_May2019-backports.patch
17	new file mode 100644
18	index 0000000..463768f
19	--- /dev/null
20	+++ b/00170_May2019-backports.patch
21	@@ -0,0 +1,52 @@
22	+From 7cbf6a0ca98a187be1b31b1e85935319430d9e61 Mon Sep 17 00:00:00 2001
23	+From: Stanislav Malyshev <stas@×××.net>
24	+Date: Mon, 29 Apr 2019 23:38:12 -0700
25	+Subject: [PATCH] Fix bug #77950 - Heap-buffer-overflow in _estrndup via
26	+ exif_process_IFD_TAG
27	+
28	+I do not completely understand what is going on there, but I am pretty
29	+sure dir_entry <= offset_base if not a normal situation, so we better not
30	+to rely on such dir_entry.
31	+
32	+(cherry picked from commit f80ad18afae2230c2c1802c7d829100af646874e)
33	+---
34	+ NEWS \| 12 ++++++++++--
35	+ ext/exif/exif.c \| 2 +-
36	+ ext/exif/tests/bug77950.phpt \| 12 ++++++++++++
37	+ ext/exif/tests/bug77950.tiff \| Bin 0 -> 1267 bytes
38	+ 4 files changed, 23 insertions(+), 3 deletions(-)
39	+ create mode 100644 ext/exif/tests/bug77950.phpt
40	+ create mode 100644 ext/exif/tests/bug77950.tiff
41	+
42	+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
43	+index 81cf438a8e..15e091b6c5 100644
44	+--- a/ext/exif/exif.c
45	++++ b/ext/exif/exif.c
46	+@@ -2901,7 +2901,7 @@ static int exif_process_IFD_TAG(image_info_type ImageInfo, char dir_entry, cha
47	+ offset_base is ImageInfo->file.list[sn].data-dir_offset
48	+ dir_entry - offset_base is dir_offset+2+i*12
49	+ */
50	+- if (byte_count > IFDlength \|\| offset_val > IFDlength-byte_count \|\| value_ptr < dir_entry \|\| offset_val < (size_t)(dir_entry-offset_base)) {
51	++ if (byte_count > IFDlength \|\| offset_val > IFDlength-byte_count \|\| value_ptr < dir_entry \|\| offset_val < (size_t)(dir_entry-offset_base) \|\| dir_entry <= offset_base) {
52	+ /* It is important to check for IMAGE_FILETYPE_TIFF
53	+ * JPEG does not use absolute pointers instead its pointers are
54	+ * relative to the start of the TIFF header in APP1 section. */
55	+diff --git a/ext/exif/tests/bug77950.phpt b/ext/exif/tests/bug77950.phpt
56	+new file mode 100644
57	+index 0000000000..dc0f3549cb
58	+--- /dev/null
59	++++ b/ext/exif/tests/bug77950.phpt
60	+@@ -0,0 +1,12 @@
61	++--TEST--
62	++Bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG)
63	++--SKIPIF--
64	++<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
65	++--FILE--
66	++<?php
67	++exif_read_data(__DIR__."/bug77950.tiff");
68	++?>
69	++DONE
70	++--EXPECTF--
71	++%A
72	++DONE
73	+\ No newline at end of file
74
75	diff --git a/bug77950.tiff b/bug77950.tiff
76	new file mode 100644
77	index 0000000..5c8250a
78	Binary files /dev/null and b/bug77950.tiff differ

Gentoo Archives: gentoo-commits