[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/exif/exif.c trunk/ext/exif/exif.c
iliaaTue, 12 Apr 2011 18:33:08 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=310167
Log:
Fixed bug #54121 (error message format string typo).
Bug: http://bugs.php.net/54121 (Open) php: exif error message format string typo
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/exif/exif.c
U php/php-src/trunk/ext/exif/exif.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2011-04-12 17:30:42 UTC (rev 310166)
+++ php/php-src/branches/PHP_5_3/NEWS 2011-04-12 18:33:08 UTC (rev 310167)
@@ -34,6 +34,9 @@
- DBA extension:
. Fixed bug #54242 (dba_insert returns true if key already exists). (Felipe)
+- Exif extesion:
+ . Fixed bug #54121 (error message format string typo). (Ilia)
+
- Filter extension:
. Fixed bug #53037 (FILTER_FLAG_EMPTY_STRING_NULL is not implemented). (Ilia)
Modified: php/php-src/branches/PHP_5_3/ext/exif/exif.c
===
--- php/php-src/branches/PHP_5_3/ext/exif/exif.c2011-04-12 17:30:42 UTC
(rev 310166)
+++ php/php-src/branches/PHP_5_3/ext/exif/exif.c2011-04-12 18:33:08 UTC
(rev 310167)
@@ -2909,7 +2909,7 @@
fgot = php_stream_tell(ImageInfo-infile);
if (fgot!=offset_val) {
EFREE_IF(outside);
- exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_WARNING, Wrong file pointer: 0x%08X != 0x08X, fgot, offset_val);
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_WARNING, Wrong file pointer: 0x%08X != 0x%08X, fgot, offset_val);
return FALSE;
}
fgot = php_stream_read(ImageInfo-infile, value_ptr,
byte_count);
Modified: php/php-src/trunk/ext/exif/exif.c
===
--- php/php-src/trunk/ext/exif/exif.c 2011-04-12 17:30:42 UTC (rev 310166)
+++ php/php-src/trunk/ext/exif/exif.c 2011-04-12 18:33:08 UTC (rev 310167)
@@ -2905,7 +2905,7 @@
fgot = php_stream_tell(ImageInfo-infile);
if (fgot!=offset_val) {
EFREE_IF(outside);
- exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_WARNING, Wrong file pointer: 0x%08X != 0x08X, fgot, offset_val);
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_WARNING, Wrong file pointer: 0x%08X != 0x%08X, fgot, offset_val);
return FALSE;
}
fgot = php_stream_read(ImageInfo-infile, value_ptr,
byte_count);
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/exif/exif.c trunk/ext/exif/exif.c
Please commit fixes to all branches in one single commit.
--Jani
On 08/16/2009 05:32 PM, Ilia Alshanetsky wrote:
iliaaSun, 16 Aug 2009 14:32:32 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=287372
Log:
MFB: Added missing sanity checks around exif processing.
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/exif/exif.c
U php/php-src/trunk/ext/exif/exif.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2009-08-16 14:31:27 UTC (rev 287371)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-08-16 14:32:32 UTC (rev 287372)
@@ -1,6 +1,7 @@
PHP
NEWS
|||
?? ??? 2009, PHP 5.3.1
+- Added missing sanity checks around exif processing. (Ilia)
- Upgraded bundled sqlite to version 3.6.17. (Scott)
- Improved dns_get_record support on windows. Always available when IPv6
is
Modified: php/php-src/branches/PHP_5_3/ext/exif/exif.c
===
--- php/php-src/branches/PHP_5_3/ext/exif/exif.c2009-08-16 14:31:27 UTC
(rev 287371)
+++ php/php-src/branches/PHP_5_3/ext/exif/exif.c2009-08-16 14:32:32 UTC
(rev 287372)
@@ -3238,7 +3238,7 @@
{
/* Check the APP1 for Exif Identifier Code */
static const uchar ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
- if (memcmp(CharBuf+2, ExifHeader, 6)) {
+ if (length= 8 || memcmp(CharBuf+2, ExifHeader, 6)) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, Incorrect
APP1 Exif Identifier Code);
return;
}
@@ -3321,8 +3321,14 @@
}
/* Read the length of the section. */
- lh = php_stream_getc(ImageInfo-infile);
- ll = php_stream_getc(ImageInfo-infile);
+ if ((lh = php_stream_getc(ImageInfo-infile)) == EOF) {
+ EXIF_ERRLOG_CORRUPT(ImageInfo)
+ return FALSE;
+ }
+ if ((ll = php_stream_getc(ImageInfo-infile)) == EOF) {
+ EXIF_ERRLOG_CORRUPT(ImageInfo)
+ return FALSE;
+ }
itemlen = (lh 8) | ll;
@@ -3522,6 +3528,10 @@
int entry_tag , entry_type;
tag_table_type tag_table = exif_get_tag_table(section_index);
+ if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) {
+return FALSE;
+}
+
if (ImageInfo-FileSize= dir_offset+2) {
sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL);
#ifdef EXIF_DEBUG
@@ -3665,6 +3675,7 @@
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_NOTICE, Next IFD: %s @x%04X,
exif_get_sectionname(sub_section_index), entry_offset);
#endif
+ ImageInfo-ifd_nesting_level++;
exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index TSRMLS_CC);
if
(section_index!=SECTION_THUMBNAIL entry_tag==TAG_SUB_IFD) {
if
(ImageInfo-Thumbnail.filetype != IMAGE_FILETYPE_UNKNOWN
@@ -3704,6 +3715,7 @@
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_NOTICE, Read next IFD (THUMBNAIL) at x%04X, next_offset);
#endif
+ ImageInfo-ifd_nesting_level++;
exif_process_IFD_in_TIFF(ImageInfo,
next_offset, SECTION_THUMBNAIL TSRMLS_CC);
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, %s THUMBNAIL
@0x%04X + 0x%04X, ImageInfo-Thumbnail.data ? Ignore : Read,
ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size);
@@ -3776,9 +3788,7 @@
} else {
exif_error_docref(NULL EXIFERR_CC, ImageInfo,
E_WARNING, Invalid TIFF file);
}
- }
- else
- if (!memcmp(file_header, MM\x00\x2a, 4)) {
+ } else if (!memcmp(file_header, MM\x00\x2a, 4)) {
ImageInfo-FileType = IMAGE_FILETYPE_TIFF_MM;
ImageInfo-motorola_intel = 1;
#ifdef EXIF_DEBUG
Modified: php/php-src/trunk/ext/exif/exif.c
===
--- php/php-src/trunk/ext/exif/exif.c 2009-08-16 14:31:27 UTC (rev 287371)
+++ php/php-src/trunk/ext/exif/exif.c 2009-08-16
[PHP-CVS] svn: /php/php-src/ branches/PHP_5_3/NEWS branches/PHP_5_3/ext/exif/exif.c trunk/ext/exif/exif.c
iliaaSun, 16 Aug 2009 14:32:32 +
Revision: http://svn.php.net/viewvc?view=revisionrevision=287372
Log:
MFB: Added missing sanity checks around exif processing.
Changed paths:
U php/php-src/branches/PHP_5_3/NEWS
U php/php-src/branches/PHP_5_3/ext/exif/exif.c
U php/php-src/trunk/ext/exif/exif.c
Modified: php/php-src/branches/PHP_5_3/NEWS
===
--- php/php-src/branches/PHP_5_3/NEWS 2009-08-16 14:31:27 UTC (rev 287371)
+++ php/php-src/branches/PHP_5_3/NEWS 2009-08-16 14:32:32 UTC (rev 287372)
@@ -1,6 +1,7 @@
PHPNEWS
|||
?? ??? 2009, PHP 5.3.1
+- Added missing sanity checks around exif processing. (Ilia)
- Upgraded bundled sqlite to version 3.6.17. (Scott)
- Improved dns_get_record support on windows. Always available when IPv6
is
Modified: php/php-src/branches/PHP_5_3/ext/exif/exif.c
===
--- php/php-src/branches/PHP_5_3/ext/exif/exif.c2009-08-16 14:31:27 UTC
(rev 287371)
+++ php/php-src/branches/PHP_5_3/ext/exif/exif.c2009-08-16 14:32:32 UTC
(rev 287372)
@@ -3238,7 +3238,7 @@
{
/* Check the APP1 for Exif Identifier Code */
static const uchar ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
- if (memcmp(CharBuf+2, ExifHeader, 6)) {
+ if (length = 8 || memcmp(CharBuf+2, ExifHeader, 6)) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING,
Incorrect APP1 Exif Identifier Code);
return;
}
@@ -3321,8 +3321,14 @@
}
/* Read the length of the section. */
- lh = php_stream_getc(ImageInfo-infile);
- ll = php_stream_getc(ImageInfo-infile);
+ if ((lh = php_stream_getc(ImageInfo-infile)) == EOF) {
+ EXIF_ERRLOG_CORRUPT(ImageInfo)
+ return FALSE;
+ }
+ if ((ll = php_stream_getc(ImageInfo-infile)) == EOF) {
+ EXIF_ERRLOG_CORRUPT(ImageInfo)
+ return FALSE;
+ }
itemlen = (lh 8) | ll;
@@ -3522,6 +3528,10 @@
int entry_tag , entry_type;
tag_table_type tag_table = exif_get_tag_table(section_index);
+ if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) {
+return FALSE;
+}
+
if (ImageInfo-FileSize = dir_offset+2) {
sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL);
#ifdef EXIF_DEBUG
@@ -3665,6 +3675,7 @@
#ifdef EXIF_DEBUG
exif_error_docref(NULL
EXIFERR_CC, ImageInfo, E_NOTICE, Next IFD: %s @x%04X,
exif_get_sectionname(sub_section_index), entry_offset);
#endif
+ ImageInfo-ifd_nesting_level++;
exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index TSRMLS_CC);
if
(section_index!=SECTION_THUMBNAIL entry_tag==TAG_SUB_IFD) {
if
(ImageInfo-Thumbnail.filetype != IMAGE_FILETYPE_UNKNOWN
@@ -3704,6 +3715,7 @@
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_NOTICE, Read next IFD (THUMBNAIL) at x%04X, next_offset);
#endif
+ ImageInfo-ifd_nesting_level++;
exif_process_IFD_in_TIFF(ImageInfo,
next_offset, SECTION_THUMBNAIL TSRMLS_CC);
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_NOTICE, %s THUMBNAIL @0x%04X + 0x%04X, ImageInfo-Thumbnail.data
? Ignore : Read, ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size);
@@ -3776,9 +3788,7 @@
} else {
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_WARNING, Invalid TIFF file);
}
- }
- else
- if (!memcmp(file_header, MM\x00\x2a, 4)) {
+ } else if (!memcmp(file_header, MM\x00\x2a, 4)) {
ImageInfo-FileType = IMAGE_FILETYPE_TIFF_MM;
ImageInfo-motorola_intel = 1;
#ifdef EXIF_DEBUG
Modified: php/php-src/trunk/ext/exif/exif.c
===
--- php/php-src/trunk/ext/exif/exif.c 2009-08-16 14:31:27 UTC (rev 287371)
+++ php/php-src/trunk/ext/exif/exif.c 2009-08-16 14:32:32 UTC (rev 287372)
@@ -3216,7 +3216,7 @@
{
/* Check the APP1 for Exif Identifier Code */
static const uchar
