[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c /ext/exif/tests bug48378.jpeg bug48378.phpt
pajoye Thu May 28 14:03:09 2009 UTC
Added files: (Branch: PHP_5_2)
/php-src/ext/exif/tests bug48378.jpeg bug48378.phpt
Modified files:
/php-src/ext/exif exif.c
Log:
- MFB: #48378, exif_read_data() segfaults on certain corrupted .jpeg files
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.27r2=1.173.2.5.2.28diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.27
php-src/ext/exif/exif.c:1.173.2.5.2.28
--- php-src/ext/exif/exif.c:1.173.2.5.2.27 Wed Dec 31 11:17:37 2008
+++ php-src/ext/exif/exif.c Thu May 28 14:03:09 2009
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09 pajoye Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37
sebastian Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09
pajoye Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -3215,6 +3215,10 @@
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING,
Invalid TIFF start (1));
return;
}
+ if (offset_of_ifd length) {
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING,
Invalid IFD start);
+ return;
+ }
ImageInfo-sections_found |= FOUND_IFD0;
/* First directory starts at offset 8. Offsets starts at 0. */
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/tests/bug48378.phpt?view=markuprev=1.1
Index: php-src/ext/exif/tests/bug48378.phpt
+++ php-src/ext/exif/tests/bug48378.phpt
--TEST--
Bug #48378 (Infinite recursion due to corrupt JPEG)
--SKIPIF--
?php if (!extension_loaded('exif')) print 'skip exif extension not
available';?
--FILE--
?php
exif_read_data(
dirname(__FILE__) . /bug48378.jpeg,
FILE,COMPUTED,ANY_TAG
);
?
--EXPECTF--
Warning: exif_read_data(%s): Invalid IFD start in %s48378.php on line %d
Warning: exif_read_data(%s): Error reading from file: got=x08B4(=2228) !=
itemlen-2=x1FFE(=8190) in %s48378.php on line %d
Warning: exif_read_data(%s): Invalid JPEG file in %s48378.php on line %d
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
janiSun Aug 3 12:11:13 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
MFH
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.25r2=1.173.2.5.2.26diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.25
php-src/ext/exif/exif.c:1.173.2.5.2.26
--- php-src/ext/exif/exif.c:1.173.2.5.2.25 Wed Mar 12 17:33:14 2008
+++ php-src/ext/exif/exif.c Sun Aug 3 12:11:13 2008
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13 jani Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13
jani Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -2862,11 +2862,9 @@
/* If its bigger than 4 bytes, the dir entry contains an
offset. */
value_ptr = offset_base+offset_val;
if (offset_val+byte_count IFDlength || value_ptr dir_entry)
{
- /*
- // It is important to check for IMAGE_FILETYPE_TIFF
- // JPEG does not use absolute pointers instead its
pointers are relative to the start
- // of the TIFF header in APP1 section.
- */
+ /* It is important to check for IMAGE_FILETYPE_TIFF
+* JPEG does not use absolute pointers instead its
pointers are
+* relative to the start of the TIFF header in APP1
section. */
if (offset_val+byte_countImageInfo-FileSize ||
(ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II
ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM
ImageInfo-FileType!=IMAGE_FILETYPE_JPEG)) {
if (value_ptr dir_entry) {
/* we can read this if offset_val 0 */
@@ -2884,13 +2882,11 @@
value_ptr = safe_emalloc(byte_count, 1, 0);
outside = value_ptr;
} else {
- /*
- // in most cases we only access a small range so
- // it is faster to use a static buffer there
- // BUT it offers also the possibility to have
- // pointers read without the need to free them
- // explicitley before returning.
- */
+ /* In most cases we only access a small range so
+* it is faster to use a static buffer there
+* BUT it offers also the possibility to have
+* pointers read without the need to free them
+* explicitley before returning. */
memset(cbuf, 0, sizeof(cbuf));
value_ptr = cbuf;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
pajoye Fri Mar 7 18:41:02 2008 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
- #44355, compilation breaks due illegal const usage (Guenter Knauf)
I suppose it must break on other platform, it is not used anywhere else
but here, and it was introduced after 5.2.5 (why no news)
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.23r2=1.173.2.5.2.24diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.23
php-src/ext/exif/exif.c:1.173.2.5.2.24
--- php-src/ext/exif/exif.c:1.173.2.5.2.23 Mon Dec 31 07:20:06 2007
+++ php-src/ext/exif/exif.c Fri Mar 7 18:41:02 2008
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.23 2007/12/31 07:20:06 sebastian Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.24 2008/03/07 18:41:02 pajoye Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.23 2007/12/31 07:20:06
sebastian Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.24 2008/03/07 18:41:02
pajoye Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -242,7 +242,7 @@
/* }}} */
/* {{{ exif dependencies */
-static const zend_module_dep exif_module_deps[] = {
+static zend_module_dep exif_module_deps[] = {
ZEND_MOD_REQUIRED(standard)
#if EXIF_USE_MBSTRING
ZEND_MOD_REQUIRED(mbstring)
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
janiMon Dec 17 08:52:30 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
MFH:- Fix indent of macros
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.21r2=1.173.2.5.2.22diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.21
php-src/ext/exif/exif.c:1.173.2.5.2.22
--- php-src/ext/exif/exif.c:1.173.2.5.2.21 Sun Dec 16 17:14:54 2007
+++ php-src/ext/exif/exif.c Mon Dec 17 08:52:30 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.21 2007/12/16 17:14:54 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.22 2007/12/17 08:52:30 jani Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.21 2007/12/16 17:14:54
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.22 2007/12/17 08:52:30
jani Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -244,9 +244,9 @@
/* {{{ exif dependencies */
static const zend_module_dep exif_module_deps[] = {
ZEND_MOD_REQUIRED(standard)
- #if EXIF_USE_MBSTRING
+#if EXIF_USE_MBSTRING
ZEND_MOD_REQUIRED(mbstring)
- #endif
+#endif
{NULL, NULL, NULL}
};
/* }}} */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Sun Feb 25 13:09:13 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
- MFH Readability
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.17r2=1.173.2.5.2.18diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.17
php-src/ext/exif/exif.c:1.173.2.5.2.18
--- php-src/ext/exif/exif.c:1.173.2.5.2.17 Sat Feb 24 18:02:11 2007
+++ php-src/ext/exif/exif.c Sun Feb 25 13:09:13 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.18 2007/02/25 13:09:13 helly Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.18 2007/02/25 13:09:13
helly Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -569,7 +569,7 @@
#define TAG_TABLE_END \
{TAG_NONE, No tag value},\
{TAG_COMPUTED_VALUE, Computed value},\
- {TAG_END_OF_LIST,} /* Important for exif_get_tagname() IF value !=
functionresult is != false */
+ {TAG_END_OF_LIST,} /* Important for exif_get_tagname() IF value !=
function result is != false */
static tag_info_array tag_table_IFD = {
{ 0x000B, ACDComment},
@@ -996,11 +996,8 @@
int i, t;
char tmp[32];
- for (i=0;;i++) {
- if ((t=tag_table[i].Tag) == tag_num || t==TAG_END_OF_LIST) {
- if (t==TAG_END_OF_LIST) {
- break;
- }
+ for (i = 0; (t = tag_table[i].Tag) != TAG_END_OF_LIST; i++) {
+ if (t == tag_num) {
if (ret len) {
strlcpy(ret, tag_table[i].Desc, abs(len));
if (len 0) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Sat Feb 24 14:28:09 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
- Make debug code really safe
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.13r2=1.173.2.5.2.14diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.13
php-src/ext/exif/exif.c:1.173.2.5.2.14
--- php-src/ext/exif/exif.c:1.173.2.5.2.13 Sat Feb 24 03:08:05 2007
+++ php-src/ext/exif/exif.c Sat Feb 24 14:28:09 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05
stas Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09
helly Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1185,43 +1185,43 @@
case TAG_FMT_STRING:
case TAG_FMT_SBYTE:
dump = erealloc(dump, len + 4 + 1);
- snprintf(dump + len, 4, 0x%02X, *value_ptr);
+ snprintf(dump + len, 4 + 1, 0x%02X,
*value_ptr);
len += 4;
value_ptr++;
break;
case TAG_FMT_USHORT:
case TAG_FMT_SSHORT:
dump = erealloc(dump, len + 6 + 1);
- snprintf(dump + len, 6, 0x%04X,
php_ifd_get16s(value_ptr, motorola_intel));
+ snprintf(dump + len, 6 + 1, 0x%04X,
php_ifd_get16s(value_ptr, motorola_intel));
len += 6;
value_ptr += 2;
break;
case TAG_FMT_ULONG:
case TAG_FMT_SLONG:
dump = erealloc(dump, len + 6 + 1);
- snprintf(dump + len, 6, 0x%04X,
php_ifd_get32s(value_ptr, motorola_intel));
+ snprintf(dump + len, 6 + 1, 0x%04X,
php_ifd_get32s(value_ptr, motorola_intel));
len += 6;
value_ptr += 4;
break;
case TAG_FMT_URATIONAL:
case TAG_FMT_SRATIONAL:
dump = erealloc(dump, len + 13 + 1);
- snprintf(dump + len, 13, 0x%04X/0x%04X,
php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4,
motorola_intel));
+ snprintf(dump + len, 13 + 1, 0x%04X/0x%04X,
php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4,
motorola_intel));
len += 13;
value_ptr += 8;
break;
}
if (components 0) {
- dump = erealloc(dump, len + 4 + 1);
- snprintf(dump + len, 4, , );
+ dump = erealloc(dump, len + 2 + 1);
+ snprintf(dump + len, 2 + 1, , );
len += 2;
components--;
} else{
break;
}
}
- dump = erealloc(dump, len + 2 + 1);
- snprintf(dump + len, 2, });
+ dump = erealloc(dump, len + 1 + 1);
+ snprintf(dump + len, 1 + 1, });
return dump;
}
/* }}} */
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 17:40:45 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
Eliminate strncpy and simplify code
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.14r2=1.173.2.5.2.15diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.14
php-src/ext/exif/exif.c:1.173.2.5.2.15
--- php-src/ext/exif/exif.c:1.173.2.5.2.14 Sat Feb 24 14:28:09 2007
+++ php-src/ext/exif/exif.c Sat Feb 24 17:40:45 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09
helly Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45
iliaa Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1002,13 +1002,10 @@
break;
}
if (ret len) {
- strncpy(ret, tag_table[i].Desc, abs(len));
- if (len0) {
- len = -len;
- ret[len-1]='\0';
- for(i=strlen(ret);ilen;i++)ret[i]=' ';
+ strlcpy(ret, tag_table[i].Desc, abs(len));
+ if (len 0) {
+ memset(ret, ' ', -len - 1);
}
- ret[len-1]='\0';
return ret;
}
return tag_table[i].Desc;
@@ -1016,13 +1013,10 @@
}
if (ret len) {
snprintf(tmp, sizeof(tmp), UndefinedTag:0x%04X, tag_num);
- strncpy(ret, tmp, abs(len));
- if (len0) {
- len = -len;
- ret[len-1]='\0';
- for(i=strlen(ret);ilen;i++)ret[i]=' ';
+ strlcpy(ret, tmp, abs(len));
+ if (len 0) {
+ memset(ret, ' ', -len - 1);
}
- ret[len-1]='\0';
return ret;
}
return ;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 17:57:57 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
Pad to given length, not replace data with spaces
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.15r2=1.173.2.5.2.16diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.15
php-src/ext/exif/exif.c:1.173.2.5.2.16
--- php-src/ext/exif/exif.c:1.173.2.5.2.15 Sat Feb 24 17:40:45 2007
+++ php-src/ext/exif/exif.c Sat Feb 24 17:57:57 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57
iliaa Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1004,18 +1004,21 @@
if (ret len) {
strlcpy(ret, tag_table[i].Desc, abs(len));
if (len 0) {
- memset(ret, ' ', -len - 1);
+ memset(ret + strlen(ret), ' ', -len -
strlen(ret) - 1);
+ ret[-len] = '\0';
}
return ret;
}
return tag_table[i].Desc;
}
}
+
if (ret len) {
snprintf(tmp, sizeof(tmp), UndefinedTag:0x%04X, tag_num);
strlcpy(ret, tmp, abs(len));
if (len 0) {
- memset(ret, ' ', -len - 1);
+ memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1);
+ ret[-len] = '\0';
}
return ret;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 18:02:11 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
missing -1
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.16r2=1.173.2.5.2.17diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.16
php-src/ext/exif/exif.c:1.173.2.5.2.17
--- php-src/ext/exif/exif.c:1.173.2.5.2.16 Sat Feb 24 17:57:57 2007
+++ php-src/ext/exif/exif.c Sat Feb 24 18:02:11 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ */
/* ToDos
*
@@ -142,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11
iliaa Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1005,7 +1005,7 @@
strlcpy(ret, tag_table[i].Desc, abs(len));
if (len 0) {
memset(ret + strlen(ret), ' ', -len -
strlen(ret) - 1);
- ret[-len] = '\0';
+ ret[-len - 1] = '\0';
}
return ret;
}
@@ -1018,7 +1018,7 @@
strlcpy(ret, tmp, abs(len));
if (len 0) {
memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1);
- ret[-len] = '\0';
+ ret[-len - 1] = '\0';
}
return ret;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
stasSat Feb 24 03:08:06 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
use safe allocations
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.12r2=1.173.2.5.2.13diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.12
php-src/ext/exif/exif.c:1.173.2.5.2.13
--- php-src/ext/exif/exif.c:1.173.2.5.2.12 Sat Feb 24 02:17:24 2007
+++ php-src/ext/exif/exif.c Sat Feb 24 03:08:05 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.12 2007/02/24 02:17:24 helly Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ */
/* ToDos
*
@@ -84,6 +84,9 @@
#ifndef safe_emalloc
# define safe_emalloc(a,b,c) emalloc((a)*(b)+(c))
#endif
+#ifndef safe_erealloc
+# define safe_erealloc(p,a,b,c) erealloc(p, (a)*(b)+(c))
+#endif
#ifndef TRUE
# define TRUE 1
@@ -139,7 +142,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.12 2007/02/24 02:17:24
helly Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05
stas Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1597,7 +1600,7 @@
file_section*tmp;
int count = ImageInfo-file.count;
- tmp = erealloc(ImageInfo-file.list, (count+1)*sizeof(file_section));
+ tmp = safe_erealloc(ImageInfo-file.list, (count+1),
sizeof(file_section), 0);
ImageInfo-file.list = tmp;
ImageInfo-file.list[count].type = 0x;
ImageInfo-file.list[count].data = NULL;
@@ -1629,7 +1632,7 @@
EXIF_ERRLOG_FSREALLOC(ImageInfo)
return -1;
}
- tmp = erealloc(ImageInfo-file.list[section_index].data, size);
+ tmp = safe_erealloc(ImageInfo-file.list[section_index].data, 1, size,
0);
ImageInfo-file.list[section_index].data = tmp;
ImageInfo-file.list[section_index].size = size;
return 0;
@@ -1669,7 +1672,7 @@
return;
}
- list = erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1)*sizeof(image_info_data));
+ list = safe_erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1), sizeof(image_info_data), 0);
image_info-info_list[section_index].list = list;
info_data =
image_info-info_list[section_index].list[image_info-info_list[section_index].count];
@@ -1807,7 +1810,7 @@
image_info_data *info_data;
image_info_data *list;
- list = erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1)*sizeof(image_info_data));
+ list = safe_erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1), sizeof(image_info_data), 0);
image_info-info_list[section_index].list = list;
info_data =
image_info-info_list[section_index].list[image_info-info_list[section_index].count];
@@ -1830,7 +1833,7 @@
image_info_data *list;
if (value) {
- list = erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1)*sizeof(image_info_data));
+ list = safe_erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1), sizeof(image_info_data), 0);
image_info-info_list[section_index].list = list;
info_data =
image_info-info_list[section_index].list[image_info-info_list[section_index].count];
info_data-tag= TAG_NONE;
@@ -1875,7 +1878,7 @@
image_info_data *list;
if (value) {
- list = erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1)*sizeof(image_info_data));
+ list = safe_erealloc(image_info-info_list[section_index].list,
(image_info-info_list[section_index].count+1), sizeof(image_info_data), 0);
image_info-info_list[section_index].list = list;
info_data =
image_info-info_list[section_index].list[image_info-info_list[section_index].count];
info_data-tag= TAG_NONE;
@@ -2489,7 +2492,7 @@
}
}
new_move = new_size;
- new_data = erealloc(ImageInfo-Thumbnail.data,
ImageInfo-Thumbnail.size+new_size);
+ new_data = safe_erealloc(ImageInfo-Thumbnail.data, 1,
ImageInfo-Thumbnail.size, new_size);
ImageInfo-Thumbnail.data = new_data;
memmove(ImageInfo-Thumbnail.data + new_move,
ImageInfo-Thumbnail.data, ImageInfo-Thumbnail.size);
ImageInfo-Thumbnail.size += new_size;
@@ -2985,7 +2988,7 @@
case TAG_XP_AUTHOR:
case
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Tue Jan 23 00:23:17 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
emalloc() - safe_emalloc()
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.10r2=1.173.2.5.2.11diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.10
php-src/ext/exif/exif.c:1.173.2.5.2.11
--- php-src/ext/exif/exif.c:1.173.2.5.2.10 Tue Jan 9 17:55:29 2007
+++ php-src/ext/exif/exif.c Tue Jan 23 00:23:17 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.11 2007/01/23 00:23:17 iliaa Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29
helly Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.11 2007/01/23 00:23:17
iliaa Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1606,7 +1606,7 @@
if (!size) {
data = NULL;
} else if (data == NULL) {
- data = emalloc(size);
+ data = safe_emalloc(size, 1, 0);
}
ImageInfo-file.list[count].type = type;
ImageInfo-file.list[count].data = data;
@@ -2383,7 +2383,7 @@
image_info_value *info_value;
byte_count = php_tiff_bytes_per_format[info_data-format] *
info_data-length;
- value_ptr = emalloc(max(byte_count, 4));
+ value_ptr = safe_emalloc(max(byte_count, 4), 1, 0);
memset(value_ptr, 0, 4);
if (!info_data-length) {
return value_ptr;
@@ -2875,7 +2875,7 @@
}
if (byte_countsizeof(cbuf)) {
/* mark as outside range and get buffer */
- value_ptr = emalloc(byte_count);
+ value_ptr = safe_emalloc(byte_count, 1, 0);
outside = value_ptr;
} else {
/*
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Tue Jan 9 11:37:17 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
MFH: zerofill info_data and fix possible segfault
partly fixes #40073
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.8r2=1.173.2.5.2.9diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.8
php-src/ext/exif/exif.c:1.173.2.5.2.9
--- php-src/ext/exif/exif.c:1.173.2.5.2.8 Mon Jan 1 09:36:00 2007
+++ php-src/ext/exif/exif.c Tue Jan 9 11:37:17 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.8 2007/01/01 09:36:00 sebastian Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.8 2007/01/01 09:36:00
sebastian Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17
tony2001 Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1599,6 +1599,7 @@
image_info-info_list[section_index].list = list;
info_data =
image_info-info_list[section_index].list[image_info-info_list[section_index].count];
+ memset(info_data, 0, sizeof(image_info_data));
info_data-tag= tag;
info_data-format = format;
info_data-length = length;
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Tue Jan 9 17:55:29 2007 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
- MFH Fix for #40073
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.9r2=1.173.2.5.2.10diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.9
php-src/ext/exif/exif.c:1.173.2.5.2.10
--- php-src/ext/exif/exif.c:1.173.2.5.2.9 Tue Jan 9 11:37:17 2007
+++ php-src/ext/exif/exif.c Tue Jan 9 17:55:29 2007
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17
tony2001 Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29
helly Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -1150,6 +1150,80 @@
}
/* }}} */
+#ifdef EXIF_DEBUG
+char * exif_dump_data(int *dump_free, int format, int components, int length,
int motorola_intel, char *value_ptr TSRMLS_DC) /* {{{ */
+{
+ char *dump;
+ int len;
+
+ *dump_free = 0;
+ if (format == TAG_FMT_STRING) {
+ return value_ptr ? value_ptr : no data;
+ }
+ if (format == TAG_FMT_UNDEFINED) {
+ return undefined\n;
+ }
+ if (format == TAG_FMT_IFD) {
+ return ;
+ }
+ if (format == TAG_FMT_SINGLE || format == TAG_FMT_DOUBLE) {
+ return not implemented;
+ }
+ *dump_free = 1;
+ if (components 1) {
+ len = spprintf(dump, 0, (%d,%d) {, components, length);
+ } else {
+ len = spprintf(dump, 0, {);
+ }
+ while(components 0) {
+ switch(format) {
+ case TAG_FMT_BYTE:
+ case TAG_FMT_UNDEFINED:
+ case TAG_FMT_STRING:
+ case TAG_FMT_SBYTE:
+ dump = erealloc(dump, len + 4);
+ sprintf(dump + len, 0x%02X, *value_ptr);
+ len += 4;
+ value_ptr++;
+ break;
+ case TAG_FMT_USHORT:
+ case TAG_FMT_SSHORT:
+ dump = erealloc(dump, len + 6);
+ sprintf(dump + len, 0x%04X,
php_ifd_get16s(value_ptr, motorola_intel));
+ len += 6;
+ value_ptr += 2;
+ break;
+ case TAG_FMT_ULONG:
+ case TAG_FMT_SLONG:
+ dump = erealloc(dump, len + 6);
+ sprintf(dump + len, 0x%04X,
php_ifd_get32s(value_ptr, motorola_intel));
+ len += 6;
+ value_ptr += 4;
+ break;
+ case TAG_FMT_URATIONAL:
+ case TAG_FMT_SRATIONAL:
+ dump = erealloc(dump, len + 13);
+ sprintf(dump + len, 0x%04X/0x%04X,
php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4,
motorola_intel));
+ len += 13;
+ value_ptr += 8;
+ break;
+ }
+ if (components 0) {
+ dump = erealloc(dump, len + 2);
+ sprintf(dump + len, , );
+ len += 2;
+ components--;
+ } else{
+ break;
+ }
+ }
+ dump = erealloc(dump, len + 2);
+ sprintf(dump + len, });
+ return dump;
+}
+/* }}} */
+#endif
+
/* {{{ exif_convert_any_format
* Evaluate number, be it int, rational, or float from directory. */
static double exif_convert_any_format(void *value, int format, int
motorola_intel TSRMLS_DC)
@@ -2747,10 +2821,14 @@
char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
size_t byte_count, offset_val, fpos, fgot;
xp_field_type *tmp_xp;
+#ifdef EXIF_DEBUG
+ char *dump_data;
+ int dump_free;
+#endif /* EXIF_DEBUG */
/* Protect against corrupt headers */
if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) {
- exif_error_docref(exif_read_data#error_ifd TSRMLS_CC,
ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level
reached);
+ exif_error_docref(exif_read_data#error_ifd EXIFERR_CC,
ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level
reached);
return FALSE;
}
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Mon Dec 25 23:43:10 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
Allocation safety checks
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.6r2=1.173.2.5.2.7diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.6
php-src/ext/exif/exif.c:1.173.2.5.2.7
--- php-src/ext/exif/exif.c:1.173.2.5.2.6 Mon Dec 25 16:48:17 2006
+++ php-src/ext/exif/exif.c Mon Dec 25 23:43:10 2006
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.6 2006/12/25 16:48:17 iliaa Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.7 2006/12/25 23:43:10 iliaa Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.6 2006/12/25 16:48:17
iliaa Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.7 2006/12/25 23:43:10
iliaa Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -3590,7 +3590,7 @@
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, %s THUMBNAIL @0x%04X +
0x%04X, ImageInfo-Thumbnail.data ? Ignore : Read,
ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size);
#endif
if
(!ImageInfo-Thumbnail.data) {
-
ImageInfo-Thumbnail.data = emalloc(ImageInfo-Thumbnail.size);
+
ImageInfo-Thumbnail.data = safe_emalloc(ImageInfo-Thumbnail.size, 1, 0);
php_stream_seek(ImageInfo-infile, ImageInfo-Thumbnail.offset, SEEK_SET);
fgot =
php_stream_read(ImageInfo-infile, ImageInfo-Thumbnail.data,
ImageInfo-Thumbnail.size);
if
(fgot ImageInfo-Thumbnail.size) {
@@ -3623,7 +3623,7 @@
exif_error_docref(NULL EXIFERR_CC,
ImageInfo, E_NOTICE, %s THUMBNAIL @0x%04X + 0x%04X, ImageInfo-Thumbnail.data
? Ignore : Read, ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size);
#endif
if (!ImageInfo-Thumbnail.data
ImageInfo-Thumbnail.offset ImageInfo-Thumbnail.size
ImageInfo-read_thumbnail) {
- ImageInfo-Thumbnail.data =
emalloc(ImageInfo-Thumbnail.size);
+ ImageInfo-Thumbnail.data =
safe_emalloc(ImageInfo-Thumbnail.size, 1, 0);
php_stream_seek(ImageInfo-infile, ImageInfo-Thumbnail.offset, SEEK_SET);
fgot =
php_stream_read(ImageInfo-infile, ImageInfo-Thumbnail.data,
ImageInfo-Thumbnail.size);
if (fgot
ImageInfo-Thumbnail.size) {
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Tue Oct 10 22:22:43 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
MFH: fix leak and typos in error messages
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.3r2=1.173.2.5.2.4diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.3
php-src/ext/exif/exif.c:1.173.2.5.2.4
--- php-src/ext/exif/exif.c:1.173.2.5.2.3 Thu Aug 17 14:32:35 2006
+++ php-src/ext/exif/exif.c Tue Oct 10 22:22:43 2006
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.4 2006/10/10 22:22:43 tony2001 Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35
tony2001 Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.4 2006/10/10 22:22:43
tony2001 Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -2182,7 +2182,7 @@
}
} else {
exif_iif_add_tag(image_info, SECTION_COMMENT, Comment,
TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL);
- php_error_docref(NULL TSRMLS_CC, E_NOTICE, JPEG2000 comment
section to small);
+ php_error_docref(NULL TSRMLS_CC, E_NOTICE, JPEG2000 comment
section too small);
}
}
#endif
@@ -3708,7 +3708,7 @@
}
}
} else {
- exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, File
to small (%d), ImageInfo-FileSize);
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, File
too small (%d), ImageInfo-FileSize);
}
return ret;
}
@@ -4022,6 +4022,7 @@
ret = exif_read_file(ImageInfo, p_name, 1, 0 TSRMLS_CC);
if (ret==FALSE) {
+ exif_discard_imageinfo(ImageInfo);
RETURN_FALSE;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Thu Aug 17 14:32:36 2006 UTC
Modified files: (Branch: PHP_5_2)
/php-src/ext/exif exif.c
Log:
initialize static buffer with 0's
http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.2r2=1.173.2.5.2.3diff_format=u
Index: php-src/ext/exif/exif.c
diff -u php-src/ext/exif/exif.c:1.173.2.5.2.2
php-src/ext/exif/exif.c:1.173.2.5.2.3
--- php-src/ext/exif/exif.c:1.173.2.5.2.2 Thu Jun 15 18:33:07 2006
+++ php-src/ext/exif/exif.c Thu Aug 17 14:32:35 2006
@@ -17,7 +17,7 @@
+--+
*/
-/* $Id: exif.c,v 1.173.2.5.2.2 2006/06/15 18:33:07 dmitry Exp $ */
+/* $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ */
/* ToDos
*
@@ -139,7 +139,7 @@
};
/* }}} */
-#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.2 2006/06/15 18:33:07
dmitry Exp $
+#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35
tony2001 Exp $
/* {{{ PHP_MINFO_FUNCTION
*/
@@ -2806,6 +2806,7 @@
// pointers read without the need to free them
// explicitley before returning.
*/
+ memset(cbuf, 0, sizeof(cbuf));
value_ptr = cbuf;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
