[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c /ext/exif/tests bug34704.jpg bug34704.phpt
helly Sun Oct 9 10:38:08 2005 EDT
Added files: (Branch: PHP_5_0)
/php-src/ext/exif/tests bug34704.jpg bug34704.phpt
Modified files:
/php-srcNEWS
/php-src/ext/exif exif.c
Log:
- MFH Bugfix #34704 (Infinite recursion due to corrupt JPEG)
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.493r2=1.1760.2.494ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.493 php-src/NEWS:1.1760.2.494
--- php-src/NEWS:1.1760.2.493 Sun Oct 9 08:41:25 2005
+++ php-src/NEWSSun Oct 9 10:38:06 2005
@@ -6,6 +6,7 @@
values). (Dmitry)
- Fixed bug #34787 (SOAP Client not handling boolean types correctly). (Dmitry)
- Fixed bug #34723 (array_count_values() strips leading zeroes). (Tony)
+- Fixed bug #34704 (Infinite recursion due to corrupt JPEG). (Marcus)
- Fixed bug #34678 (__call(), is_callable() and static methods). (Dmitry)
- Fixed bug #34643 (wsdl default value has no effect). (Dmitry)
- Fixed bug #34617 (zend_deactivate: objects_store used after
@@ -17,6 +18,8 @@
- Fixed bug #34453 (parsing http://www.w3.org/2001/xml.xsd exception). (Dmitry)
- Fixed bug #34450 (Segfault when calling mysqli_close() in destructor). (Tony)
- Fixed bug #34449 (ext/soap: XSD_ANYXML functionality not exposed). (Dmitry)
+- Fixed Bug #34243 (ReflectionClass::getDocComment() returns no result).
+ (Marcus)
- Fixed bug #34199 (if($obj)/if(!$obj) inconsistency because of cast handler).
(Dmitry, Alex)
- Fixed bug #32179 (xmlrpc_encode() segfaults with recursive references).
(Tony)
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.9r2=1.162.2.10ty=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.162.2.9 php-src/ext/exif/exif.c:1.162.2.10
--- php-src/ext/exif/exif.c:1.162.2.9 Fri Aug 5 10:00:47 2005
+++ php-src/ext/exif/exif.c Sun Oct 9 10:38:07 2005
@@ -2,7 +2,7 @@
+--+
| PHP Version 5|
+--+
- | Copyright (c) 1997-2004 The PHP Group|
+ | Copyright (c) 1997-2005 The PHP Group|
+--+
| This source file is subject to version 3.0 of the PHP license, |
| that is bundled with this package in the file LICENSE, and is|
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.162.2.9 2005/08/05 14:00:47 hyanantha Exp $ */
+/* $Id: exif.c,v 1.162.2.10 2005/10/09 14:38:07 helly Exp $ */
/* ToDos
*
@@ -115,7 +115,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.9 2005/08/05 14:00:47
hyanantha Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.10 2005/10/09 14:38:07 helly
Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -3032,6 +3032,12 @@
}
}
/*
+* Ignore IFD2 if it purportedly exists
+*/
+ if (section_index == SECTION_THUMBNAIL) {
+ return FALSE;
+ }
+ /*
* Hack to make it process IDF1 I hope
* There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202)
to the thumbnail
*/
http://cvs.php.net/co.php/php-src/ext/exif/tests/bug34704.phpt?r=1.1p=1
Index: php-src/ext/exif/tests/bug34704.phpt
+++ php-src/ext/exif/tests/bug34704.phpt
--TEST--
Bug # 34704 (Infinite recursion due to corrupt JPEG)
--SKIPIF--
?php if (!extension_loaded('exif')) print 'skip exif extension not
available';?
--INI--
magic_quotes_runtime=0
output_handler=
zlib.output_compression=0
--FILE--
?php
$infile = dirname(__FILE__).'/bug34704.jpg';
var_dump(exif_read_data($infile));
?
===DONE===
--EXPECT--
array(7) {
[FileName]=
string(12) bug34704.jpg
[FileDateTime]=
int(1128866682)
[FileSize]=
int(9976)
[FileType]=
int(2)
[MimeType]=
string(10) image/jpeg
[SectionsFound]=
string(4) IFD0
[COMPUTED]=
array(5) {
[html]=
string(24) width=386 height=488
[Height]=
int(488)
[Width]=
int(386)
[IsColor]=
int(1)
[ByteOrderMotorola]=
int(0)
}
}
===DONE===
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
iliaa Tue Feb 1 18:28:31 2005 EDT
Modified files: (Branch: PHP_5_0)
/php-srcNEWS
/php-src/ext/exif exif.c
Log:
MFH: Fixed bug #31797 (exif_read_data() uses too low nesting limit).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.224r2=1.1760.2.225ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.224 php-src/NEWS:1.1760.2.225
--- php-src/NEWS:1.1760.2.224 Fri Jan 28 12:37:41 2005
+++ php-src/NEWSTue Feb 1 18:28:30 2005
@@ -15,6 +15,7 @@
is passed. (Tony)
- Fixed posix_getsid() posix_getpgid() to return sid pgid instead
of true. (Tony)
+- Fixed bug #31797 (exif_read_data() uses too low nesting limit). (Ilia)
- Fixed bug #31732 (mb_get_info() causes segfault when no parameters
specified). (Tony)
- Fixed bug #31710 (Wrong return values for mysqli_autocommit/commit/rollback).
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.3r2=1.162.2.4ty=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.162.2.3 php-src/ext/exif/exif.c:1.162.2.4
--- php-src/ext/exif/exif.c:1.162.2.3 Fri Jan 21 18:59:55 2005
+++ php-src/ext/exif/exif.c Tue Feb 1 18:28:31 2005
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ */
+/* $Id: exif.c,v 1.162.2.4 2005/02/01 23:28:31 iliaa Exp $ */
/* ToDos
*
@@ -93,7 +93,7 @@
#define EFREE_IF(ptr) if (ptr) efree(ptr)
-#define MAX_IFD_NESTING_LEVEL 5
+#define MAX_IFD_NESTING_LEVEL 25
static
ZEND_BEGIN_ARG_INFO(exif_thumbnail_force_ref, 1)
@@ -112,7 +112,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei
Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.4 2005/02/01 23:28:31 iliaa
Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
andrei Fri Jan 21 18:59:55 2005 EDT
Modified files: (Branch: PHP_5_0)
/php-srcNEWS
/php-src/ext/exif exif.c
Log:
MFB (bugfix for 28451)
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.202r2=1.1760.2.203ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.202 php-src/NEWS:1.1760.2.203
--- php-src/NEWS:1.1760.2.202 Thu Jan 20 13:42:40 2005
+++ php-src/NEWSFri Jan 21 18:59:55 2005
@@ -1,6 +1,8 @@
PHPNEWS
|||
?? ??? 2005, PHP 5.0.4
+- Fixed bug #28451 (corupt EXIF headers have unlimited recursive IFD directory
+ entries). (Andrei)
- Added Oracle Instant Client support. (cjbj at hotmail dot com, Tony)
- Added length and charsetnr for field array and object in mysqli. (Georg)
- Changed phpize not to require automake and libtool. (Jani)
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162.2.2r2=1.162.2.3ty=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.162.2.2 php-src/ext/exif/exif.c:1.162.2.3
--- php-src/ext/exif/exif.c:1.162.2.2 Tue Nov 9 20:44:28 2004
+++ php-src/ext/exif/exif.c Fri Jan 21 18:59:55 2005
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.162.2.2 2004/11/10 01:44:28 iliaa Exp $ */
+/* $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei Exp $ */
/* ToDos
*
@@ -93,12 +93,13 @@
#define EFREE_IF(ptr) if (ptr) efree(ptr)
+#define MAX_IFD_NESTING_LEVEL 5
+
static
ZEND_BEGIN_ARG_INFO(exif_thumbnail_force_ref, 1)
ZEND_ARG_PASS_INFO(0)
ZEND_END_ARG_INFO();
-
/* {{{ exif_functions[]
*/
function_entry exif_functions[] = {
@@ -111,7 +112,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.2 2004/11/10 01:44:28 iliaa
Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.3 2005/01/21 23:59:55 andrei
Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1442,6 +1443,7 @@
/* for parsing */
int read_thumbnail;
int read_all;
+ int ifd_nesting_level;
/* internal */
file_section_list file;
} image_info_type;
@@ -2711,6 +2713,13 @@
size_t byte_count, offset_val, fpos, fgot;
xp_field_type *tmp_xp;
+ /* Protect against corrupt headers */
+ if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) {
+ exif_error_docref(exif_read_data#error_ifd TSRMLS_CC,
ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level
reached);
+ return FALSE;
+ }
+ ImageInfo-ifd_nesting_level++;
+
tag = php_ifd_get16u(dir_entry, ImageInfo-motorola_intel);
format = php_ifd_get16u(dir_entry+2, ImageInfo-motorola_intel);
components = php_ifd_get32u(dir_entry+4, ImageInfo-motorola_intel);
@@ -3739,6 +3748,8 @@
}
}
+ ImageInfo-ifd_nesting_level = 0;
+
/* Scan the JPEG headers. */
ret = exif_scan_FILE_header(ImageInfo TSRMLS_CC);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_0) / NEWS /ext/exif exif.c
helly Thu Nov 4 15:15:39 2004 EDT
Modified files: (Branch: PHP_5_0)
/php-src/ext/exif exif.c
/php-srcNEWS
Log:
MFH Bug #30627
http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.162r2=1.162.2.1ty=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.162 php-src/ext/exif/exif.c:1.162.2.1
--- php-src/ext/exif/exif.c:1.162 Tue Mar 16 15:58:01 2004
+++ php-src/ext/exif/exif.c Thu Nov 4 15:15:38 2004
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.162 2004/03/16 20:58:01 derick Exp $ */
+/* $Id: exif.c,v 1.162.2.1 2004/11/04 20:15:38 helly Exp $ */
/* ToDos
*
@@ -111,7 +111,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162 2004/03/16 20:58:01 derick Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.162.2.1 2004/11/04 20:15:38 helly Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -2734,7 +2734,7 @@
// JPEG does not use absolute pointers instead its pointers
are relative to the start
// of the TIFF header in APP1 section.
*/
- if (offset_val+byte_countImageInfo-FileSize ||
(ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II
ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM)) {
+ if (offset_val+byte_countImageInfo-FileSize ||
(ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II
ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM
ImageInfo-FileType!=IMAGE_FILETYPE_JPEG)) {
if (value_ptr dir_entry) {
/* we can read this if offset_val 0 */
/* some files have their values in other parts
of the file */
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.115r2=1.1760.2.116ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.115 php-src/NEWS:1.1760.2.116
--- php-src/NEWS:1.1760.2.115 Thu Nov 4 10:29:53 2004
+++ php-src/NEWSThu Nov 4 15:15:38 2004
@@ -1,15 +1,17 @@
PHPNEWS
|||
?? ??? 2004, PHP 5.0.3
-- Fixed bug #30685 (Malformed SOAPClient http header reequest). (Dmitry)
-- Fixed bug #30645 (def. multi result set support for mysql_connect). (Georg)
- Fixed error handling in mysqli_multi_query. (Georg)
- Fixed a problem with SPL iterators aggregating the innner iterator. (Marcus)
- Extended the functionality of is_subclass_of() to accept either a class name
or an object as first parameter. (Andrey)
- Fixed potential problems with unserializing invalid serialize data. (Marcus)
+- Fixed bug #30685 (Malformed SOAPClient http header reequest). (Dmitry)
+- Fixed bug #30672 (Problem handling exif data in jpeg images at unusual
+ places). (Marcus)
- Fixed bug #30658 (Ensure that temporary files created by GD are removed).
(Ilia)
+- Fixed bug #30645 (def. multi result set support for mysql_connect). (Georg)
- Fixed bug #30572 (crash when comparing SimpleXML attribute to a boolean).
(Andi)
- Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
