ID: 27674
User updated by: xuefer at 21cn dot com
Reported By: xuefer at 21cn dot com
Status: Closed
Bug Type: GetImageSize related
Operating System: *
PHP Version: 4.3.5
New Comment:
yes, just a guess
because no matter how much memory it allocates, uncompress() just returns
Z_BUF_ERROR
I don't know why this swf is bad, it plays ok in the stand-alone
flashplayer and the IE browser
by the way, when I test it with a "good" swf, the erealloc() part
isn't even executed. In other words, the first uncompress:
    if (uncompress(b, &len, a, sizeof(a)) != Z_OK) {
is Z_OK
Previous Comments:
------------------------------------------------------------------------
[2004-03-27 05:58:53] [EMAIL PROTECTED]
Where does the 50MByte const come from, a guess?
------------------------------------------------------------------------
[2004-03-26 22:09:42] xuefer at 21cn dot com
this bug may be "can't reproduce" not "closed"
this is the "fix" with testing code
Index: ext/standard/image.c
===================================================================
RCS file: /repository/php-src/ext/standard/image.c,v
retrieving revision 1.72.2.13
diff -u -r1.72.2.13 image.c
--- ext/standard/image.c 12 Nov 2003 22:56:09 -0000
1.72.2.13
+++ ext/standard/image.c 27 Mar 2004 03:11:00 -0000
@@ -196,8 +196,8 @@
long bits;
unsigned char a[64];
- unsigned long len=64, szlength;
- int factor=1,maxfactor=16;
+ unsigned long len=64, szlength, maxlength = 50*1024*1024;
+ int factor=1,maxfactor=8;
int slength, status=0;
char *b, *buf=NULL, *bufz=NULL;
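Review bot: maxlength = 50*1024*1024 in the declaration line is an unexplained magic number, and maxfactor drops from 16 to 8 in the same hunk with no comment on why either value was chosen. Give the cap a named constant with a comment saying what it bounds. Also note that with factor starting at 1 and the loop testing factor<maxfactor, a maxfactor of 8 already limits growth to 128 times slength, so the two limits overlap and the patch should say which one is meant to be the real bound.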
@@ -226,8 +226,13 @@
do {
szlength=slength*(1<<factor++);
+ if (szlength > maxlength) {
+ break;
+ }
+ printf("szlength: %d\n", szlength);
buf = (char *) erealloc(buf,szlength);
status = uncompress(buf, &szlength, bufz,
slength);
+ printf("status: %d\n", (int) (status ==
Z_BUF_ERROR));
} while ((status==Z_BUF_ERROR)&&(factor<maxfactor));
if (bufz) {
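Review bot: the new szlength > maxlength test runs after szlength=slength*(1<<factor++), and that product is computed in int because slength is declared int, so it can overflow before the cap is ever compared; that is consistent with the negative erealloc() size reported in this thread. Do the bound check before the multiplication, on the unsigned value, so the product is never formed when it would exceed maxlength. Set status to an error value before the break as well, since status is initialised to 0 and a break on the first pass would leave it equal to Z_OK. The two printf() calls are debug output and should not go in; szlength is unsigned long, so %d is the wrong conversion for it in any case.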
$ make && ./sapi/cli/php -r "var_dump(getimagesize('125-bad.swf'));"
Build complete.
(It is safe to ignore warnings about tempnam and tmpnam).
szlength: 2229880
status: 1
szlength: 4459760
status: 1
szlength: 8919520
status: 1
szlength: 17839040
status: 1
szlength: 35678080
status: 1
bool(false)
------------------------------------------------------------------------
[2004-03-26 13:45:53] [EMAIL PROTECTED]
Both PHP4 (4.3.5) and PHP5 CVS return false with the given
file.
------------------------------------------------------------------------
[2004-03-26 09:59:25] xuefer at 21cn dot com
the above test verified for php4.3.5
phpinfo() under linux:
zlib
ZLib Support => enabled
Compiled Version => 1.1.4
Linked Version => 1.1.4
but when I compile the cvs version of php5, it just works
./configure --disable-all --disable-cgi
make
./sapi/cli/php -r 'var_dump(getimagesize("125-bad.swf"));'
outputs: bool(false)
------------------------------------------------------------------------
[2004-03-26 09:11:06] xuefer at 21cn dot com
more detail:
under xp
it eats more and more memory
under linux cli:
$ php -r "getimagesize('./125-bad.swf');"
FATAL: erealloc(): Unable to allocate -2011570176 bytes
under linux apache: it crashes
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/27674