ID: 27674
Updated by: [EMAIL PROTECTED]
Reported By: xuefer at 21cn dot com
Status: Closed
Bug Type: GetImageSize related
-Operating System: winxp/linux
+Operating System: *
-PHP Version: 4.3.5RC4
+PHP Version: 4.3.5
New Comment:
Where does the 50MByte const come from, a guess?
Previous Comments:
------------------------------------------------------------------------
[2004-03-26 22:09:42] xuefer at 21cn dot com
this bug may be "can't reproduce" not "closed"
this is the "fix" with testing code
Index: ext/standard/image.c
===================================================================
RCS file: /repository/php-src/ext/standard/image.c,v
retrieving revision 1.72.2.13
diff -u -r1.72.2.13 image.c
--- ext/standard/image.c 12 Nov 2003 22:56:09 -0000
1.72.2.13
+++ ext/standard/image.c 27 Mar 2004 03:11:00 -0000
@@ -196,8 +196,8 @@
long bits;
unsigned char a[64];
- unsigned long len=64, szlength;
- int factor=1,maxfactor=16;
+ unsigned long len=64, szlength, maxlength = 50*1024*1024;
+ int factor=1,maxfactor=8;
int slength, status=0;
char *b, *buf=NULL, *bufz=NULL;
@@ -226,8 +226,13 @@
do {
szlength=slength*(1<<factor++);
+ if (szlength > maxlength) {
+ break;
+ }
+ printf("szlength: %d\n", szlength);
buf = (char *) erealloc(buf,szlength);
status = uncompress(buf, &szlength, bufz,
slength);
+ printf("status: %d\n", (int) (status ==
Z_BUF_ERROR));
} while ((status==Z_BUF_ERROR)&&(factor<maxfactor));
if (bufz) {
$ make && ./sapi/cli/php -r "var_dump(getimagesize('125-bad.swf'));"
Build complete.
(It is safe to ignore warnings about tempnam and tmpnam).
szlength: 2229880
status: 1
szlength: 4459760
status: 1
szlength: 8919520
status: 1
szlength: 17839040
status: 1
szlength: 35678080
status: 1
bool(false)
------------------------------------------------------------------------
[2004-03-26 13:45:53] [EMAIL PROTECTED]
Both PHP4 (4.3.5) and PHP5 CVS return false with the given
file.
------------------------------------------------------------------------
[2004-03-26 09:59:25] xuefer at 21cn dot com
the above test verified for php4.3.5
phpinfo() under linux:
zlib
ZLib Support => enabled
Compiled Version => 1.1.4
Linked Version => 1.1.4
but when i compile cvs version of php5, it just works
./configure --disable-all --disable-cgi
make
./sapi/cli/php -r 'var_dump(getimagesize("125-bad.swf"));'
outputs: bool(false)
------------------------------------------------------------------------
[2004-03-26 09:11:06] xuefer at 21cn dot com
more detail:
under xp
it eat more and more memory
under linux cli:
$ php -r "getimagesize('./125-bad.swf');"
FATAL: erealloc(): Unable to allocate -2011570176 bytes
under linux apache: it crash
------------------------------------------------------------------------
[2004-03-25 10:28:56] [EMAIL PROTECTED]
With PHP 4.3.5 I get a return value of false instantly and
no large memory allocation problems you describe.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/27674
--
Edit this bug report at http://bugs.php.net/?id=27674&edit=1
