ID: 27674 Updated by: [EMAIL PROTECTED] Reported By: xuefer at 21cn dot com Status: Closed Bug Type: GetImageSize related -Operating System: winxp/linux +Operating System: * -PHP Version: 4.3.5RC4 +PHP Version: 4.3.5 New Comment:
Where does the 50MByte const come from, a guess? Previous Comments: ------------------------------------------------------------------------ [2004-03-26 22:09:42] xuefer at 21cn dot com this bug may be "can't reproduce" not "closed" this is the "fix" with testing code Index: ext/standard/image.c =================================================================== RCS file: /repository/php-src/ext/standard/image.c,v retrieving revision 1.72.2.13 diff -u -r1.72.2.13 image.c --- ext/standard/image.c 12 Nov 2003 22:56:09 -0000 1.72.2.13 +++ ext/standard/image.c 27 Mar 2004 03:11:00 -0000 @@ -196,8 +196,8 @@ long bits; unsigned char a[64]; - unsigned long len=64, szlength; - int factor=1,maxfactor=16; + unsigned long len=64, szlength, maxlength = 50*1024*1024; + int factor=1,maxfactor=8; int slength, status=0; char *b, *buf=NULL, *bufz=NULL; @@ -226,8 +226,13 @@ do { szlength=slength*(1<<factor++); + if (szlength > maxlength) { + break; + } + printf("szlength: %d\n", szlength); buf = (char *) erealloc(buf,szlength); status = uncompress(buf, &szlength, bufz, slength); + printf("status: %d\n", (int) (status == Z_BUF_ERROR)); } while ((status==Z_BUF_ERROR)&&(factor<maxfactor)); if (bufz) { $ make && ./sapi/cli/php -r "var_dump(getimagesize('125-bad.swf'));" Build complete. (It is safe to ignore warnings about tempnam and tmpnam). szlength: 2229880 status: 1 szlength: 4459760 status: 1 szlength: 8919520 status: 1 szlength: 17839040 status: 1 szlength: 35678080 status: 1 bool(false) ------------------------------------------------------------------------ [2004-03-26 13:45:53] [EMAIL PROTECTED] Both PHP4 (4.3.5) and PHP5 CVS return false with the given file. ------------------------------------------------------------------------ [2004-03-26 09:59:25] xuefer at 21cn dot com the above test verified for php4.3.5 phpinfo() under linux: zlib ZLib Support => enabled Compiled Version => 1.1.4 Linked Version => 1.1.4 but when i compile cvs version of php5, it just works ./configure --disable-all --disable-cgi make ./sapi/cli/php -r 'var_dump(getimagesize("125-bad.swf"));' outputs: bool(false) ------------------------------------------------------------------------ [2004-03-26 09:11:06] xuefer at 21cn dot com more detail: under xp it eat more and more memory under linux cli: $ php -r "getimagesize('./125-bad.swf');" FATAL: erealloc(): Unable to allocate -2011570176 bytes under linux apache: it crash ------------------------------------------------------------------------ [2004-03-25 10:28:56] [EMAIL PROTECTED] With PHP 4.3.5 I get a return value of false instantly and no large memory allocation problems you describe. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27674 -- Edit this bug report at http://bugs.php.net/?id=27674&edit=1