[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c /ext/exif/tests bug34704.jpg bug34704.phpt
helly Sun Oct 9 10:38:08 2005 EDT Added files: (Branch: PHP_5_0) /php-src/ext/exif/tests bug34704.jpg bug34704.phpt Modified files: /php-srcNEWS /php-src/ext/exif exif.c Log: - MFH Bugfix #34704 (Infinite recursion due to corrupt JPEG) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.493r2=1.1760.2.494ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.493 php-src/NEWS:1.1760.2.494 --- php-src/NEWS:1.1760.2.493 Sun Oct 9 08:41:25 2005 +++ php-src/NEWSSun Oct 9 10:38:06 2005 @@ -6,6 +6,7 @@ values). (Dmitry) - Fixed bug #34787 (SOAP Client not handling boolean types correctly). (Dmitry) - Fixed bug #34723 (array_count_values() strips leading zeroes). (Tony) +- Fixed bug #34704 (Infinite recursion due to corrupt JPEG). (Marcus) - Fixed bug #34678 (__call(), is_callable() and static methods). (Dmitry) - Fixed bug #34643 (wsdl default value has no effect). (Dmitry) - Fixed bug #34617 (zend_deactivate: objects_store used after @@ -17,6 +18,8 @@ - Fixed bug #34453 (parsing http://www.w3.org/2001/xml.xsd exception). (Dmitry) - Fixed bug #34450 (Segfault when calling mysqli_close() in destructor). (Tony) - Fixed bug #34449 (ext/soap: XSD_ANYXML functionality not exposed). (Dmitry) +- Fixed Bug #34243 (ReflectionClass::getDocComment() returns no result). + (Marcus) - Fixed bug #34199 (if($obj)/if(!$obj) inconsistency because of cast handler). (Dmitry, Alex) - Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references). (Tony) http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.9r2=1.162.2.10ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.162.2.9 php-src/ext/exif/exif.c:1.162.2.10 --- php-src/ext/exif/exif.c:1.162.2.9 Fri Aug 5 10:00:47 2005 +++ php-src/ext/exif/exif.c Sun Oct 9 10:38:07 2005 
@@ -2,7 +2,7 @@ +--+ | PHP Version 5| +--+ - | Copyright (c) 1997-2004 The PHP Group| + | Copyright (c) 1997-2005 The PHP Group| +--+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is| @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.162.2.9 2005/08/05 14:00:47 hyanantha Exp $ */ +/* $Id: exif.c,v 1.162.2.10 2005/10/09 14:38:07 helly Exp $ */ /* ToDos * @@ -115,7 +115,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.9 2005/08/05 14:00:47 hyanantha Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.10 2005/10/09 14:38:07 helly Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -3032,6 +3032,12 @@ } } /* +* Ignore IFD2 if it purportedly exists +*/ + if (section_index == SECTION_THUMBNAIL) { + return FALSE; + } + /* * Hack to make it process IDF1 I hope * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail */ http://cvs.php.net/co.php/php-src/ext/exif/tests/bug34704.phpt?r=1.1p=1 Index: php-src/ext/exif/tests/bug34704.phpt +++ php-src/ext/exif/tests/bug34704.phpt --TEST-- Bug # 34704 (Infinite recursion due to corrupt JPEG) --SKIPIF-- ?php if (!extension_loaded('exif')) print 'skip exif extension not available';? --INI-- magic_quotes_runtime=0 output_handler= zlib.output_compression=0 --FILE-- ?php $infile = dirname(__FILE__).'/bug34704.jpg'; var_dump(exif_read_data($infile)); ? ===DONE=== --EXPECT-- array(7) { [FileName]= string(12) bug34704.jpg [FileDateTime]= int(1128866682) [FileSize]= int(9976) [FileType]= int(2) [MimeType]= string(10) image/jpeg [SectionsFound]= string(4) IFD0 [COMPUTED]= array(5) { [html]= string(24) width=386 height=488 [Height]= int(488) [Width]= int(386) [IsColor]= int(1) [ByteOrderMotorola]= int(0) } } ===DONE=== -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
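Review bot: the early exit added in the exif.c hunk at @@ -3032,6 returns FALSE for `section_index == SECTION_THUMBNAIL` without emitting any diagnostic, and its comment ("Ignore IFD2 if it purportedly exists") does not say that this is the guard against the recursion reported in bug #34704. Consider raising a warning through exif_error_docref() at this point, as the directory nesting check elsewhere in exif.c does, so that a corrupt file shows up in logs instead of being dropped silently, and name the bug in the comment. The EXPECT block of bug34704.phpt would then need the warning line added. Separately, the NEWS hunk at @@ -17,6 also adds an entry for bug #34243, which the commit log does not mention; that entry belongs in its own commit.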
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
iliaa Tue Feb 1 18:28:31 2005 EDT Modified files: (Branch: PHP_5_0) /php-srcNEWS /php-src/ext/exif exif.c Log: MFH: Fixed bug #31797 (exif_read_data() uses too low nesting limit). http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.224r2=1.1760.2.225ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.224 php-src/NEWS:1.1760.2.225 --- php-src/NEWS:1.1760.2.224 Fri Jan 28 12:37:41 2005 +++ php-src/NEWSTue Feb 1 18:28:30 2005 @@ -15,6 +15,7 @@ is passed. (Tony) - Fixed posix_getsid() posix_getpgid() to return sid pgid instead of true. (Tony) +- Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia) - Fixed bug #31732 (mb_get_info() causes segfault when no parameters specified). (Tony) - Fixed bug #31710 (Wrong return values for mysqli_autocommit/commit/rollback). http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.3r2=1.162.2.4ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.162.2.3 php-src/ext/exif/exif.c:1.162.2.4 --- php-src/ext/exif/exif.c:1.162.2.3 Fri Jan 21 18:59:55 2005 +++ php-src/ext/exif/exif.c Tue Feb 1 18:28:31 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ */ +/* $Id: exif.c,v 1.162.2.4 2005/02/01 23:28:31 iliaa Exp $ */ /* ToDos * @@ -93,7 +93,7 @@ #define EFREE_IF(ptr) if (ptr) efree(ptr) -#define MAX_IFD_NESTING_LEVEL 5 +#define MAX_IFD_NESTING_LEVEL 25 static ZEND_BEGIN_ARG_INFO(exif_thumbnail_force_ref, 1) @@ -112,7 +112,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.4 2005/02/01 23:28:31 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
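Review bot: `#define MAX_IFD_NESTING_LEVEL 25` at @@ -93,7 replaces one undocumented magic number with another; nothing in the hunk says what the level counts or why 25 is sufficient, and the commit adds no test file (only NEWS and exif.c are listed as modified). Add a comment stating what unit is being limited and how 25 was arrived at, plus a regression test using the image from bug #31797, so the limit does not have to be tuned again by trial.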
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
andrei Fri Jan 21 18:59:55 2005 EDT Modified files: (Branch: PHP_5_0) /php-srcNEWS /php-src/ext/exif exif.c Log: MFB (bugfix for 28451) http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.202r2=1.1760.2.203ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.202 php-src/NEWS:1.1760.2.203 --- php-src/NEWS:1.1760.2.202 Thu Jan 20 13:42:40 2005 +++ php-src/NEWSFri Jan 21 18:59:55 2005 @@ -1,6 +1,8 @@ PHPNEWS ||| ?? ??? 2005, PHP 5.0.4 +- Fixed bug #28451 (corupt EXIF headers have unlimited recursive IFD directory + entries). (Andrei) - Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony) - Added length and charsetnr for field array and object in mysqli. (Georg) - Changed phpize not to require automake and libtool. (Jani) http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.2r2=1.162.2.3ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.162.2.2 php-src/ext/exif/exif.c:1.162.2.3 --- php-src/ext/exif/exif.c:1.162.2.2 Tue Nov 9 20:44:28 2004 +++ php-src/ext/exif/exif.c Fri Jan 21 18:59:55 2005 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.162.2.2 2004/11/10 01:44:28 iliaa Exp $ */ +/* $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ */ /* ToDos * @@ -93,12 +93,13 @@ #define EFREE_IF(ptr) if (ptr) efree(ptr) +#define MAX_IFD_NESTING_LEVEL 5 + static ZEND_BEGIN_ARG_INFO(exif_thumbnail_force_ref, 1) ZEND_ARG_PASS_INFO(0) ZEND_END_ARG_INFO(); - /* {{{ exif_functions[] */ function_entry exif_functions[] = { @@ -111,7 +112,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.2 2004/11/10 01:44:28 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1442,6 +1443,7 @@ /* for parsing */ int read_thumbnail; int read_all; + int ifd_nesting_level; /* internal */ file_section_list file; } image_info_type; 
@@ -2711,6 +2713,13 @@ size_t byte_count, offset_val, fpos, fgot; xp_field_type *tmp_xp; + /* Protect against corrupt headers */ + if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) { + exif_error_docref(exif_read_data#error_ifd TSRMLS_CC, ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level reached); + return FALSE; + } + ImageInfo-ifd_nesting_level++; + tag = php_ifd_get16u(dir_entry, ImageInfo-motorola_intel); format = php_ifd_get16u(dir_entry+2, ImageInfo-motorola_intel); components = php_ifd_get32u(dir_entry+4, ImageInfo-motorola_intel); @@ -3739,6 +3748,8 @@ } } + ImageInfo-ifd_nesting_level = 0; + /* Scan the JPEG headers. */ ret = exif_scan_FILE_header(ImageInfo TSRMLS_CC); -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
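Review bot: in the hunk at @@ -2711,6 the new `ImageInfo->ifd_nesting_level++` is never paired with a decrement; the only other write to the field in this patch is the reset to 0 at @@ -3739,6. The surrounding context reads a single dir_entry (tag, format, components), so unless the counter is decremented on every return path it counts entries processed per file rather than recursion depth, and a well-formed file with more than MAX_IFD_NESTING_LEVEL entries would be rejected as corrupt. Either decrement before each return or move the increment into the code that actually descends into a sub-IFD. The added NEWS line also misspells "corrupt" as "corupt".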
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
helly Thu Nov 4 15:15:39 2004 EDT Modified files: (Branch: PHP_5_0) /php-src/ext/exif exif.c /php-srcNEWS Log: MFH Bug #30627 http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162r2=1.162.2.1ty=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.162 php-src/ext/exif/exif.c:1.162.2.1 --- php-src/ext/exif/exif.c:1.162 Tue Mar 16 15:58:01 2004 +++ php-src/ext/exif/exif.c Thu Nov 4 15:15:38 2004 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.162 2004/03/16 20:58:01 derick Exp $ */ +/* $Id: exif.c,v 1.162.2.1 2004/11/04 20:15:38 helly Exp $ */ /* ToDos * @@ -111,7 +111,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162 2004/03/16 20:58:01 derick Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.1 2004/11/04 20:15:38 helly Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2734,7 +2734,7 @@ // JPEG does not use absolute pointers instead its pointers are relative to the start // of the TIFF header in APP1 section. */ - if (offset_val+byte_countImageInfo-FileSize || (ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM)) { + if (offset_val+byte_countImageInfo-FileSize || (ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM ImageInfo-FileType!=IMAGE_FILETYPE_JPEG)) { if (value_ptr dir_entry) { /* we can read this if offset_val 0 */ /* some files have their values in other parts of the file */ http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.115r2=1.1760.2.116ty=u Index: php-src/NEWS diff -u php-src/NEWS:1.1760.2.115 php-src/NEWS:1.1760.2.116 --- php-src/NEWS:1.1760.2.115 Thu Nov 4 10:29:53 2004 +++ php-src/NEWSThu Nov 4 15:15:38 2004 
@@ -1,15 +1,17 @@ PHPNEWS ||| ?? ??? 2004, PHP 5.0.3 -- Fixed bug #30685 (Malformed SOAPClient http header reequest). (Dmitry) -- Fixed bug #30645 (def. multi result set support for mysql_connect). (Georg) - Fixed error handling in mysqli_multi_query. (Georg) - Fixed a problem with SPL iterators aggregating the innner iterator. (Marcus) - Extended the functionality of is_subclass_of() to accept either a class name or an object as first parameter. (Andrey) - Fixed potential problems with unserializing invalid serialize data. (Marcus) +- Fixed bug #30685 (Malformed SOAPClient http header reequest). (Dmitry) +- Fixed bug #30672 (Problem handling exif data in jpeg images at unusual + places). (Marcus) - Fixed bug #30658 (Ensure that temporary files created by GD are removed). (Ilia) +- Fixed bug #30645 (def. multi result set support for mysql_connect). (Georg) - Fixed bug #30572 (crash when comparing SimpleXML attribute to a boolean). (Andi) - Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
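Review bot: the condition changed in the exif.c hunk at @@ -2734,7 still bounds-checks the sum `offset_val+byte_count` against ImageInfo->FileSize, and both operands come from the file being parsed; if they are unsigned (the @@ -2711 context in the 1.162.2.3 diff on this page shows `size_t byte_count, offset_val`), the addition can wrap and pass the check. Now that JPEG is admitted to the in-range path, compare each operand separately, for example `byte_count > FileSize || offset_val > FileSize - byte_count`. The comment just above the condition also says JPEG offsets are relative to the TIFF header in the APP1 section, so it is worth stating in that comment why FileSize is the right bound for them. Separately, the commit log cites Bug #30627 while the NEWS hunk adds an entry for bug #30672; one of the two numbers is wrong. The same NEWS hunk also moves the #30685 and #30645 entries, which is unrelated to this fix.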