helly Thu Feb 24 15:54:18 2005 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/standard image.c
Log:
- MFH
http://cvs.php.net/diff.php/php-src/ext/standard/image.c?r1=1.72.2.15&r2=1.72.2.16&ty=u
Index: php-src/ext/standard/image.c
diff -u php-src/ext/standard/image.c:1.72.2.15
php-src/ext/standard/image.c:1.72.2.16
--- php-src/ext/standard/image.c:1.72.2.15 Mon Oct 4 16:44:07 2004
+++ php-src/ext/standard/image.c Thu Feb 24 15:54:18 2005
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: image.c,v 1.72.2.15 2004/10/04 20:44:07 iliaa Exp $ */
+/* $Id: image.c,v 1.72.2.16 2005/02/24 20:54:18 helly Exp $ */
#include "php.h"
#include <stdio.h>
@@ -363,7 +363,7 @@
/* just return 0 if we hit the end-of-file */
if((php_stream_read(stream, a, sizeof(a))) <= 0) return 0;
- return (((unsigned short) a[ 0 ]) << 8) + ((unsigned short) a[ 1 ]);
+ return (((unsigned short)a[0]) << 8) + ((unsigned short)a[1]);
}
/* }}} */
@@ -374,7 +374,7 @@
int a=0, marker;
/* get marker byte, swallowing possible padding
*/
- if ( last_marker==M_COM && comment_correction) {
+ if (last_marker==M_COM && comment_correction) {
/* some software does not count the length bytes of COM section
*/
/* one company doing so is very much envolved in JPEG... so we
accept too */
/* by the way: some of those companies changed their code
now... */
@@ -383,7 +383,7 @@
last_marker = 0;
comment_correction = 0;
}
- if ( ff_read) {
+ if (ff_read) {
a = 1; /* already read 0xff in filetype detection */
}
do {
@@ -391,9 +391,9 @@
{
return M_EOI;/* we hit EOF */
}
- if ( last_marker==M_COM && comment_correction>0)
+ if (last_marker==M_COM && comment_correction>0)
{
- if ( marker != 0xFF)
+ if (marker != 0xFF)
{
marker = 0xff;
comment_correction--;
@@ -401,14 +401,14 @@
last_marker = M_PSEUDO; /* stop skipping non
0xff for M_COM */
}
}
- if ( ++a > 10)
+ if (++a > 10)
{
/* who knows the maxim amount of 0xff? though 7 */
/* but found other implementations */
return M_EOI;
}
- } while ( marker == 0xff);
- if ( a < 2)
+ } while (marker == 0xff);
+ if (a < 2)
{
return M_EOI; /* at least one 0xff is needed before marker code
*/
}
@@ -422,35 +422,39 @@
/* {{{ php_skip_variable
* skip over a variable-length block; assumes proper length marker */
-static void php_skip_variable(php_stream * stream TSRMLS_DC)
+static int php_skip_variable(php_stream * stream TSRMLS_DC)
{
off_t length = ((unsigned int)php_read2(stream TSRMLS_CC));
- length = length-2;
- if (length)
- {
- php_stream_seek(stream, (long)length, SEEK_CUR);
+ if (length < 2) {
+ return 0;
}
+ length = length - 2;
+ php_stream_seek(stream, (long)length, SEEK_CUR);
+ return 1;
}
/* }}} */
/* {{{ php_read_APP
*/
-static void php_read_APP(php_stream * stream, unsigned int marker, zval *info
TSRMLS_DC)
+static int php_read_APP(php_stream * stream, unsigned int marker, zval *info
TSRMLS_DC)
{
unsigned short length;
unsigned char *buffer;
- unsigned char markername[ 16 ];
+ unsigned char markername[16];
zval *tmp;
length = php_read2(stream TSRMLS_CC);
+ if (length < 2) {
+ return 0;
+ }
length -= 2; /* length includes itself */
buffer = emalloc(length);
if (php_stream_read(stream, buffer, (long) length) <= 0) {
efree(buffer);
- return;
+ return 0;
}
sprintf(markername, "APP%d", marker - M_APP0);
@@ -461,6 +465,7 @@
}
efree(buffer);
+ return 1;
}
/* }}} */
@@ -497,12 +502,16 @@
result->height = php_read2(stream
TSRMLS_CC);
result->width = php_read2(stream
TSRMLS_CC);
result->channels =
php_stream_getc(stream);
- if (!info || length<8) /* if we don't
want an extanded info -> return */
+ if (!info || length < 8) { /* if we
don't want an extanded info -> return */
return result;
- if (php_stream_seek(stream, length-8,
SEEK_CUR)) /* file error after info */
+ }
+ if (php_stream_seek(stream, length - 8,
SEEK_CUR)) { /* file error after info */
return result;
+ }
} else {
- php_skip_variable(stream TSRMLS_CC);
+ if (!php_skip_variable(stream
TSRMLS_CC)) {
+ return result;
+ }
}
break;
@@ -523,9 +532,13 @@
case M_APP14:
case M_APP15:
if (info) {
- php_read_APP(stream, marker, info
TSRMLS_CC); /* read all the app markes... */
+ if (!php_read_APP(stream, marker, info
TSRMLS_CC)) { /* read all the app markes... */
+ return result;
+ }
} else {
- php_skip_variable(stream TSRMLS_CC);
+ if (!php_skip_variable(stream
TSRMLS_CC)) {
+ return result;
+ }
}
break;
@@ -534,7 +547,9 @@
return result; /* we're about to hit image
data, or are at EOF. stop processing. */
default:
- php_skip_variable(stream TSRMLS_CC);
/* anything else isn't interesting */
+ if (!php_skip_variable(stream TSRMLS_CC)) { /*
anything else isn't interesting */
+ return result;
+ }
break;
}
}
@@ -616,14 +631,25 @@
result->height = php_read4(stream TSRMLS_CC); /* Xsiz */
result->width = php_read4(stream TSRMLS_CC); /* Ysiz */
+#if MBO_0
dummy_int = php_read4(stream TSRMLS_CC); /* XOsiz */
dummy_int = php_read4(stream TSRMLS_CC); /* YOsiz */
dummy_int = php_read4(stream TSRMLS_CC); /* XTsiz */
dummy_int = php_read4(stream TSRMLS_CC); /* YTsiz */
dummy_int = php_read4(stream TSRMLS_CC); /* XTOsiz */
dummy_int = php_read4(stream TSRMLS_CC); /* YTOsiz */
+#else
+ if (php_stream_seek(stream, 24, SEEK_CUR)) {
+ efree(result);
+ return NULL;
+ }
+#endif
result->channels = php_read2(stream TSRMLS_CC); /* Csiz */
+ if (result->channels < 0 || result->channels > 256) {
+ efree(result);
+ return NULL;
+ }
/* Collect bit depth info */
highest_bit_depth = bit_depth = 0;
@@ -686,7 +712,9 @@
}
/* Skip over LBox (Which includes both TBox and LBox itself */
- php_stream_seek(stream, box_length - 8, SEEK_CUR);
+ if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) {
+ break;
+ }
}
if (result == NULL) {
@@ -849,43 +877,49 @@
*/
static struct gfxinfo *php_handle_iff(php_stream * stream TSRMLS_DC)
{
- struct gfxinfo *result = NULL;
+ struct gfxinfo * result;
unsigned char a[10];
int chunkId;
int size;
+ short width, height, bits;
- if (php_stream_read(stream, a, 8) != 8)
+ if (php_stream_read(stream, a, 8) != 8) {
return NULL;
- if (strncmp(a+4, "ILBM", 4) && strncmp(a+4, "PBM ", 4))
+ }
+ if (strncmp(a+4, "ILBM", 4) && strncmp(a+4, "PBM ", 4)) {
return NULL;
-
- result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
+ }
/* loop chunks to find BMHD chunk */
do {
if (php_stream_read(stream, a, 8) != 8) {
- efree(result);
return NULL;
}
chunkId = php_ifd_get32s(a+0, 1);
size = php_ifd_get32s(a+4, 1);
+ if (size < 0) {
+ return NULL;
+ }
if ((size & 1) == 1) {
size++;
}
if (chunkId == 0x424d4844) { /* BMHD chunk */
- if (php_stream_read(stream, a, 9) != 9) {
- efree(result);
+ if (size < 9 || php_stream_read(stream, a, 9) != 9) {
return NULL;
}
- result->width = php_ifd_get16s(a+0, 1);
- result->height = php_ifd_get16s(a+2, 1);
- result->bits = a[8] & 0xff;
+ width = php_ifd_get16s(a+0, 1);
+ height = php_ifd_get16s(a+2, 1);
+ bits = a[8] & 0xff;
+ if (width > 0 && height > 0 && bits > 0 && bits < 33) {
+ result = (struct gfxinfo *) ecalloc(1,
sizeof(struct gfxinfo));
+ result->width = width;
+ result->height = height;
+ result->bits = bits;
result->channels = 0;
- if (result->width > 0 && result->height > 0 &&
result->bits > 0 && result->bits < 33)
return result;
+ }
} else {
if (php_stream_seek(stream, size, SEEK_CUR)) {
- efree(result);
return NULL;
}
}
@@ -1230,11 +1264,14 @@
case IMAGE_FILETYPE_SWF:
result = php_handle_swf(stream TSRMLS_CC);
break;
-#if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
case IMAGE_FILETYPE_SWC:
+#if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
result = php_handle_swc(stream TSRMLS_CC);
- break;
+#else
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, "The image
is a compressed SWF file, but you do not have a static version of the zlib
extension enabled.");
+
#endif
+ break;
case IMAGE_FILETYPE_PSD:
result = php_handle_psd(stream TSRMLS_CC);
break;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
