From 3747cb7efbdf4d2d3cff1088e3f6fb19df291a05 Mon Sep 17 00:00:00 2001
From: Bart Butler <bart.c.butler@gmail.com>
Date: Tue, 12 Jul 2016 17:23:12 -0700
Subject: [PATCH] avoid exif_imagetype exception with small files/corrupt data
 URI

---
 library/HTMLPurifier/URIScheme/data.php |  5 +++++
 tests/HTMLPurifier/URISchemeTest.php    | 10 ++++++++++
 2 files changed, 15 insertions(+)

diff --git a/library/HTMLPurifier/URIScheme/data.php b/library/HTMLPurifier/URIScheme/data.php
index 19321a03..41c49d55 100644
--- a/library/HTMLPurifier/URIScheme/data.php
+++ b/library/HTMLPurifier/URIScheme/data.php
@@ -79,6 +79,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
         } else {
             $raw_data = $data;
         }
+        if ( strlen($raw_data) < 12 ) {
+            // error; exif_imagetype throws exception with small files,
+            // and this likely indicates a corrupt URI/failed parse anyway
+            return false;
+        }
         // XXX probably want to refactor this into a general mechanism
         // for filtering arbitrary content types
         if (function_exists('sys_get_temp_dir')) {
diff --git a/tests/HTMLPurifier/URISchemeTest.php b/tests/HTMLPurifier/URISchemeTest.php
index 867e845e..cae6edd0 100644
--- a/tests/HTMLPurifier/URISchemeTest.php
+++ b/tests/HTMLPurifier/URISchemeTest.php
@@ -252,6 +252,16 @@ class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
         $this->assertValidation('ftp:///example.com', false);
     }
 
+    public function test_data_bad_base64()
+    {
+        $this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk|', false);
+    }
+
+    public function test_data_too_short()
+    {
+        $this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk=', false);
+    }
+
 }
 
 // vim: et sw=4 sts=4
-- 
2.11.4.GIT