ID:               13213
 Updated by:       [EMAIL PROTECTED]
 Reported By:      pulstar at mail dot com
 Status:           Closed
 Bug Type:         GetImageSize related
 Operating System: Linux RedHat 7.1
 PHP Version:      4.1.1
 Assigned To:      helly
 New Comment:

Also see: Bug #25905 getimagesize fail with some jpegs 


Previous Comments:
------------------------------------------------------------------------

[2002-03-10 07:15:50] janderk at digitaldutch dot com

I'm the main developer of Arles Image Web Page Creator, the application
that generated those JPEGs with the illegal comment section. I got an
email about this PHP BUG report from a user asking me to repair this
Arles bug.

FYI: It was a bug in an older version of Arles and has been repaired
in the latest releases. It was actually caused by a bug in the Intel
JPEG library we used at that time.

I'm glad that we could help make PHP more robust in reading corrupted
images ;)

------------------------------------------------------------------------

[2002-03-09 11:04:37] [EMAIL PROTECTED]

Took a closer look at the file.
The problem is that both photo1 and photo3 have an illegal comment
section. The section is appended by some 0x00 where 0xFF were expected.
As other software ignores the NULLs I will add this to CVS / php4.3
version.

------------------------------------------------------------------------

[2002-03-08 11:44:25] [EMAIL PROTECTED]

The current CVS implementation has been improved on that.
As you can see from exif's debug warnings, photo1 and photo3 are
illegal. An internal section says it is longer than the file :-(

I could implement handling that but it would blow up code.
I will consider the applied patch...

photo1.jpg 
GetImageSize [ , , , ] 
exif_read_data exif_read_data returned false
Invalid JPEG/TIFF file: 'photo1.jpg' 
21 
PHP Warning: error reading from file: got=x3648(=13896) !=
itemlen-2=x4EE1(=20193)

photo2.jpg 
GetImageSize [ 640, 480, 2, width="640" height="480" ] 
exif_read_data exif_read_data returned false
O.K. 
22 

photo3.jpg 
GetImageSize [ , , , ] 
exif_read_data exif_read_data returned false
Invalid JPEG/TIFF file: 'photo3.jpg' 
23 
PHP Warning: error reading from file: got=x1E3D(=7741) !=
itemlen-2=xF698(=63128)

photo4.jpg 
GetImageSize [ 640, 480, 2, width="640" height="480" ] 
exif_read_data exif_read_data returned false
O.K. 


------------------------------------------------------------------------

[2002-01-22 16:34:48] mul at rentapacs dot com

Solution: Read additional bytes to resync on the marker sequence. If
marker length is too short, nothing is lost. If too long, one marker
will be missing. Besides that APPn in $info array will contain
consistent entries and no bogus markers. Uhm, ... and if the JPEG
format follows the spec and contains correct marker lengths, it will
work also ;-)

This patch against 4.1.1 might do the trick:
--- ext/standard/image.c.orig   Sat Aug 11 19:03:37 2001
+++ ext/standard/image.c        Tue Jan 22 22:10:42 2002
@@ -253,12 +253,20 @@
 
 /* {{{ php_next_marker
  */
-static unsigned int php_next_marker(int socketd, FILE *fp, int
issock)
+static unsigned int php_next_marker(int socketd, FILE *fp, int issock,
int isfirst)
         /* get next marker byte from file */
 {
        int c;
 
-       /* get marker byte, swallowing possible padding */
+       if (!isfirst) {
+               /* swallow bytes resulting from short marker length */
+               do {
+                       if ((c = FP_FGETC(socketd, fp, issock)) ==
EOF)
+                               return M_EOI;       /* we hit EOF */
+               } while (c != 0xff);
+       }
+
+       /* get marker byte, swallowing possible 0xff padding */
        do {
                if ((c = FP_FGETC(socketd, fp, issock)) == EOF)
                        return M_EOI;           /* we hit EOF */
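Review bot: the resync loop added under `if (!isfirst)` is unbounded and does not validate what it syncs on. It discards bytes until any 0xFF or EOF, so when a segment length is too long rather than too short the scan resumes inside the following segment's payload and the first 0xFF found there is treated as a marker prefix. On input with no further 0xFF it reads to EOF and returns M_EOI, which the caller cannot tell apart from a normal end of image. Since the function also reads from `socketd`, the amount skipped is controlled by whoever supplies the data. Suggest capping the number of skipped bytes, returning a distinct error when the cap or EOF is hit during resync, and describing the new `isfirst` parameter in the `php_next_marker` comment block.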
@@ -320,12 +328,14 @@
 static struct gfxinfo *php_handle_jpeg (int socketd, FILE *fp, int
issock, pval *info)
 {
        struct gfxinfo *result = NULL;
+       int isfirst = 1;        /* First marker after JPEG sig 'FF D8
FF' */
        unsigned int marker;
        char tmp[2];
        unsigned char a[4];
 
        for (;;) {
-               marker = php_next_marker(socketd, fp, issock);
+               marker = php_next_marker(socketd, fp, issock,
isfirst);
+               isfirst = 0;
                switch (marker) {
                        case M_SOF0:
                        case M_SOF1:
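Review bot: `isfirst` in php_handle_jpeg makes the caller responsible for knowing where the stream is positioned, and that contract is stated only in the call-site comment ("First marker after JPEG sig 'FF D8 FF'"). Because the signature's trailing FF is already consumed, a caller that passes 0 on the first call would scan forward to the next 0xFF and skip the first segment without any error. Suggest documenting the parameter at php_next_marker, or leaving the signature's third byte unread so that the function needs no flag. Separately, the wrapped lines in this hunk (`issock, pval *info)`, `FF' */`, `isfirst);`) show the mailer broke long lines, so the patch will not apply as posted and should be attached as a file.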

------------------------------------------------------------------------

[2002-01-22 13:15:04] mul at rentapacs dot com

Offending images contain a COM marker with length parameter two bytes
short. This breaks further decoding of the JPEG header - GetImageSize()
cannot return useful information.

------------------------------------------------------------------------
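The failure discussed in this thread (stray bytes after a COM segment where the next 0xFF marker prefix should be, and a segment length that runs past the end of the data), worked through as an added example that is not code from PHP or from the patch above. `jpeg_dims`, `jpeg_dims_t`, `max_resync` and the sample bytes are constructed for illustration; the walk reads from a memory buffer, bounds the resync scan and rejects lengths larger than the remaining data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { int ok; unsigned w, h; } jpeg_dims_t;   /* hypothetical type */

/* Constructed sample: COM declares length 5 (3 data bytes), then two 0x00
   bytes sit where the next 0xFF was expected, then SOF0 for 640x480. */
static const uint8_t short_com[] = {
    0xFF,0xD8, 0xFF,0xFE,0x00,0x05,'a','b','c', 0x00,0x00,
    0xFF,0xC0,0x00,0x11,0x08,0x01,0xE0,0x02,0x80,0x03,
    0x01,0x22,0x00, 0x02,0x11,0x01, 0x03,0x11,0x01 };

/* Walk segments to the first SOFn. max_resync caps the stray bytes tolerated
   before each marker (0 = strict: a segment must be followed by 0xFF). */
jpeg_dims_t jpeg_dims(const uint8_t *b, size_t len, size_t max_resync)
{
    jpeg_dims_t r = {0, 0, 0};
    size_t pos = 2;
    if (len < 4 || b[0] != 0xFF || b[1] != 0xD8) return r;  /* no SOI */
    for (;;) {
        size_t skipped = 0;
        for (; pos < len && b[pos] != 0xFF; pos++)      /* resync on next 0xFF */
            if (++skipped > max_resync) return r;       /* too much junk: give up */
        while (pos < len && b[pos] == 0xFF) pos++;      /* swallow 0xFF fill */
        if (len - pos < 3) return r;                    /* marker + length must fit */
        uint8_t m = b[pos++];
        if (m == 0x00) continue;                        /* FF 00 is data, not a marker */
        if (m == 0xD9 || m == 0xDA) return r;           /* EOI/SOS before any SOF */
        size_t seglen = ((size_t)b[pos] << 8) | b[pos + 1];
        if (seglen < 2 || seglen > len - pos) return r; /* claims more than is left */
        if (m >= 0xC0 && m <= 0xCF && m != 0xC4 && m != 0xC8 && m != 0xCC) {
            if (seglen < 7) return r;                   /* too short for dimensions */
            r.h = ((unsigned)b[pos + 3] << 8) | b[pos + 4];
            r.w = ((unsigned)b[pos + 5] << 8) | b[pos + 6];
            r.ok = 1;
            return r;
        }
        pos += seglen;                                  /* skip segment by its length */
    }
}

int main(void)
{
    jpeg_dims_t t = jpeg_dims(short_com, sizeof short_com, 64);
    printf("strict ok=%d, tolerant ok=%d %ux%u\n",
           jpeg_dims(short_com, sizeof short_com, 0).ok, t.ok, t.w, t.h);
    return !t.ok;
}
```

With `max_resync` set to 0 the sample is rejected, which matches the empty GetImageSize result reported for photo1 and photo3; a small non-zero cap recovers the dimensions without scanning arbitrarily far.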

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://bugs.php.net/13213
