From 3843f0ecfe1e2f39fe92f2eca6828e1c0710ae9c Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 13 Oct 2024 18:02:00 +0200
Subject: [PATCH] Fix GH-16409: Segfault in exif_thumbnail when not dealing with a real file
Closes GH-16416.
---
 NEWS | 4 ++++
 ext/exif/exif.c | 2 +-
 ext/exif/tests/gh16409.phpt | 12 ++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 ext/exif/tests/gh16409.phpt
diff --git a/NEWS b/NEWS
index 16f369d0749d1..29b53c4b7ff91 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,10 @@ PHP NEWS
 . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
 (nielsdos)
+- EXIF:
+ . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
+ real file). (nielsdos, cmb)
+
 - GD:
 . Fixed bug GH-16334 (imageaffine overflow on matrix elements).
 (David Carlier)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index bf5fed01db52f..3081ad9a1b2dd 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -4419,7 +4419,7 @@ static bool exif_read_from_impl(image_info_type *ImageInfo, php_stream *stream,
 ImageInfo->FileName = NULL;
 if (php_stream_is(ImageInfo->infile, PHP_STREAM_IS_STDIO)) {
- if (VCWD_STAT(stream->orig_path, &st) >= 0) {
+ if (stream->orig_path && VCWD_STAT(stream->orig_path, &st) >= 0) {
 zend_string *base;
 if ((st.st_mode & S_IFMT) != S_IFREG) {
 exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Not a file");
diff --git a/ext/exif/tests/gh16409.phpt b/ext/exif/tests/gh16409.phpt
new file mode 100644
index 0000000000000..c2c54d839e011
--- /dev/null
+++ b/ext/exif/tests/gh16409.phpt
@@ -0,0 +1,12 @@
+--TEST--
+GH-16409 (Segfault in exif_thumbnail when not dealing with a real file)
+--EXTENSIONS--
+exif
+--FILE--
+--EXPECTF--
+Warning: exif_thumbnail(): File too small (0) in %s on line %d
+bool(false)%A
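Review bot: In the ext/exif/exif.c hunk, the new `stream->orig_path &&` guard makes a stdio stream without a path skip the whole stat block silently, and nothing at the condition says why `orig_path` can be NULL there. I would add a comment above it, e.g. `/* orig_path may be NULL when the stream is not backed by a real file (GH-16409) */`, so the check is not later dropped as redundant and the NULL dereference reintroduced. Judging by the expected output in gh16409.phpt (`File too small (0)`), the file size presumably stays 0 on this path, so such a stream is rejected even if it holds image data. Whether a stream-based size lookup should apply instead is worth confirming, since the rest of exif_read_from_impl lies outside the hunk.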