Backported from 5.6.25 by Remi. Binary patch dropped From 32a629ef2cff754c3dd6cc24eb1e25aeaf439891 Mon Sep 17 00:00:00 2001 From: Stanislav Malyshev Date: Mon, 8 Aug 2016 00:49:34 -0700 Subject: [PATCH] Fixed bug #72627: Memory Leakage In exif_process_IFD_in_TIFF --- ext/exif/exif.c | 5 ++- ext/exif/tests/bug72627.phpt | 71 +++++++++++++++++++++++++++++++++++++++++++ ext/exif/tests/bug72627.tiff | Bin 0 -> 1250 bytes 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 ext/exif/tests/bug72627.phpt create mode 100644 ext/exif/tests/bug72627.tiff diff --git a/ext/exif/exif.c b/ext/exif/exif.c index f95de3a..657a2cc1 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3778,8 +3778,11 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse fgot = php_stream_read(ImageInfo->infile, ImageInfo->Thumbnail.data, ImageInfo->Thumbnail.size); if (fgot < ImageInfo->Thumbnail.size) { EXIF_ERRLOG_THUMBEOF(ImageInfo) + efree(ImageInfo->Thumbnail.data); + ImageInfo->Thumbnail.data = NULL; + } else { + exif_thumbnail_build(ImageInfo TSRMLS_CC); } - exif_thumbnail_build(ImageInfo TSRMLS_CC); } #ifdef EXIF_DEBUG exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) done");