[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c /ext/exif/tests bug48378.jpeg bug48378.phpt
pajoye Thu May 28 14:03:09 2009 UTC Added files: (Branch: PHP_5_2) /php-src/ext/exif/tests bug48378.jpeg bug48378.phpt Modified files: /php-src/ext/exif exif.c Log: - MFB: #48378, exif_read_data() segfaults on certain corrupted .jpeg files http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.27r2=1.173.2.5.2.28diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.27 php-src/ext/exif/exif.c:1.173.2.5.2.28 --- php-src/ext/exif/exif.c:1.173.2.5.2.27 Wed Dec 31 11:17:37 2008 +++ php-src/ext/exif/exif.c Thu May 28 14:03:09 2009 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09 pajoye Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.27 2008/12/31 11:17:37 sebastian Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.28 2009/05/28 14:03:09 pajoye Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -3215,6 +3215,10 @@ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, Invalid TIFF start (1)); return; } + if (offset_of_ifd length) { + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, Invalid IFD start); + return; + } ImageInfo-sections_found |= FOUND_IFD0; /* First directory starts at offset 8. Offsets starts at 0. */ http://cvs.php.net/viewvc.cgi/php-src/ext/exif/tests/bug48378.phpt?view=markuprev=1.1 Index: php-src/ext/exif/tests/bug48378.phpt +++ php-src/ext/exif/tests/bug48378.phpt --TEST-- Bug #48378 (Infinite recursion due to corrupt JPEG) --SKIPIF-- ?php if (!extension_loaded('exif')) print 'skip exif extension not available';? --FILE-- ?php exif_read_data( dirname(__FILE__) . /bug48378.jpeg, FILE,COMPUTED,ANY_TAG ); ? --EXPECTF-- Warning: exif_read_data(%s): Invalid IFD start in %s48378.php on line %d Warning: exif_read_data(%s): Error reading from file: got=x08B4(=2228) != itemlen-2=x1FFE(=8190) in %s48378.php on line %d Warning: exif_read_data(%s): Invalid JPEG file in %s48378.php on line %d -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
janiSun Aug 3 12:11:13 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: MFH http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.25r2=1.173.2.5.2.26diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.25 php-src/ext/exif/exif.c:1.173.2.5.2.26 --- php-src/ext/exif/exif.c:1.173.2.5.2.25 Wed Mar 12 17:33:14 2008 +++ php-src/ext/exif/exif.c Sun Aug 3 12:11:13 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13 jani Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.26 2008/08/03 12:11:13 jani Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2862,11 +2862,9 @@ /* If its bigger than 4 bytes, the dir entry contains an offset. */ value_ptr = offset_base+offset_val; if (offset_val+byte_count IFDlength || value_ptr dir_entry) { - /* - // It is important to check for IMAGE_FILETYPE_TIFF - // JPEG does not use absolute pointers instead its pointers are relative to the start - // of the TIFF header in APP1 section. - */ + /* It is important to check for IMAGE_FILETYPE_TIFF +* JPEG does not use absolute pointers instead its pointers are +* relative to the start of the TIFF header in APP1 section. */ if (offset_val+byte_countImageInfo-FileSize || (ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_II ImageInfo-FileType!=IMAGE_FILETYPE_TIFF_MM ImageInfo-FileType!=IMAGE_FILETYPE_JPEG)) { if (value_ptr dir_entry) { /* we can read this if offset_val 0 */ @@ -2884,13 +2882,11 @@ value_ptr = safe_emalloc(byte_count, 1, 0); outside = value_ptr; } else { - /* - // in most cases we only access a small range so - // it is faster to use a static buffer there - // BUT it offers also the possibility to have - // pointers read without the need to free them - // explicitley before returning. - */ + /* In most cases we only access a small range so +* it is faster to use a static buffer there +* BUT it offers also the possibility to have +* pointers read without the need to free them +* explicitley before returning. */ memset(cbuf, 0, sizeof(cbuf)); value_ptr = cbuf; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
pajoye Fri Mar 7 18:41:02 2008 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: - #44355, compilation breaks due illegal const usage (Guenter Knauf) I suppose it must break on other platform, it is not used anywhere else but here, and it was introduced after 5.2.5 (why no news) http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.23r2=1.173.2.5.2.24diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.23 php-src/ext/exif/exif.c:1.173.2.5.2.24 --- php-src/ext/exif/exif.c:1.173.2.5.2.23 Mon Dec 31 07:20:06 2007 +++ php-src/ext/exif/exif.c Fri Mar 7 18:41:02 2008 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.23 2007/12/31 07:20:06 sebastian Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.24 2008/03/07 18:41:02 pajoye Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.23 2007/12/31 07:20:06 sebastian Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.24 2008/03/07 18:41:02 pajoye Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -242,7 +242,7 @@ /* }}} */ /* {{{ exif dependencies */ -static const zend_module_dep exif_module_deps[] = { +static zend_module_dep exif_module_deps[] = { ZEND_MOD_REQUIRED(standard) #if EXIF_USE_MBSTRING ZEND_MOD_REQUIRED(mbstring) -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
janiMon Dec 17 08:52:30 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: MFH:- Fix indent of macros http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.21r2=1.173.2.5.2.22diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.21 php-src/ext/exif/exif.c:1.173.2.5.2.22 --- php-src/ext/exif/exif.c:1.173.2.5.2.21 Sun Dec 16 17:14:54 2007 +++ php-src/ext/exif/exif.c Mon Dec 17 08:52:30 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.21 2007/12/16 17:14:54 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.22 2007/12/17 08:52:30 jani Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.21 2007/12/16 17:14:54 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.22 2007/12/17 08:52:30 jani Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -244,9 +244,9 @@ /* {{{ exif dependencies */ static const zend_module_dep exif_module_deps[] = { ZEND_MOD_REQUIRED(standard) - #if EXIF_USE_MBSTRING +#if EXIF_USE_MBSTRING ZEND_MOD_REQUIRED(mbstring) - #endif +#endif {NULL, NULL, NULL} }; /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Sun Feb 25 13:09:13 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: - MFH Readability http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.17r2=1.173.2.5.2.18diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.17 php-src/ext/exif/exif.c:1.173.2.5.2.18 --- php-src/ext/exif/exif.c:1.173.2.5.2.17 Sat Feb 24 18:02:11 2007 +++ php-src/ext/exif/exif.c Sun Feb 25 13:09:13 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.18 2007/02/25 13:09:13 helly Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.18 2007/02/25 13:09:13 helly Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -569,7 +569,7 @@ #define TAG_TABLE_END \ {TAG_NONE, No tag value},\ {TAG_COMPUTED_VALUE, Computed value},\ - {TAG_END_OF_LIST,} /* Important for exif_get_tagname() IF value != functionresult is != false */ + {TAG_END_OF_LIST,} /* Important for exif_get_tagname() IF value != function result is != false */ static tag_info_array tag_table_IFD = { { 0x000B, ACDComment}, @@ -996,11 +996,8 @@ int i, t; char tmp[32]; - for (i=0;;i++) { - if ((t=tag_table[i].Tag) == tag_num || t==TAG_END_OF_LIST) { - if (t==TAG_END_OF_LIST) { - break; - } + for (i = 0; (t = tag_table[i].Tag) != TAG_END_OF_LIST; i++) { + if (t == tag_num) { if (ret len) { strlcpy(ret, tag_table[i].Desc, abs(len)); if (len 0) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Sat Feb 24 14:28:09 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: - Make debug code really safe http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.13r2=1.173.2.5.2.14diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.13 php-src/ext/exif/exif.c:1.173.2.5.2.14 --- php-src/ext/exif/exif.c:1.173.2.5.2.13 Sat Feb 24 03:08:05 2007 +++ php-src/ext/exif/exif.c Sat Feb 24 14:28:09 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1185,43 +1185,43 @@ case TAG_FMT_STRING: case TAG_FMT_SBYTE: dump = erealloc(dump, len + 4 + 1); - snprintf(dump + len, 4, 0x%02X, *value_ptr); + snprintf(dump + len, 4 + 1, 0x%02X, *value_ptr); len += 4; value_ptr++; break; case TAG_FMT_USHORT: case TAG_FMT_SSHORT: dump = erealloc(dump, len + 6 + 1); - snprintf(dump + len, 6, 0x%04X, php_ifd_get16s(value_ptr, motorola_intel)); + snprintf(dump + len, 6 + 1, 0x%04X, php_ifd_get16s(value_ptr, motorola_intel)); len += 6; value_ptr += 2; break; case TAG_FMT_ULONG: case TAG_FMT_SLONG: dump = erealloc(dump, len + 6 + 1); - snprintf(dump + len, 6, 0x%04X, php_ifd_get32s(value_ptr, motorola_intel)); + snprintf(dump + len, 6 + 1, 0x%04X, php_ifd_get32s(value_ptr, motorola_intel)); len += 6; value_ptr += 4; break; case TAG_FMT_URATIONAL: case TAG_FMT_SRATIONAL: dump = erealloc(dump, len + 13 + 1); - snprintf(dump + len, 13, 0x%04X/0x%04X, php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4, motorola_intel)); + snprintf(dump + len, 13 + 1, 0x%04X/0x%04X, php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4, motorola_intel)); len += 13; value_ptr += 8; break; } if (components 0) { - dump = erealloc(dump, len + 4 + 1); - snprintf(dump + len, 4, , ); + dump = erealloc(dump, len + 2 + 1); + snprintf(dump + len, 2 + 1, , ); len += 2; components--; } else{ break; } } - dump = erealloc(dump, len + 2 + 1); - snprintf(dump + len, 2, }); + dump = erealloc(dump, len + 1 + 1); + snprintf(dump + len, 1 + 1, }); return dump; } /* }}} */ -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 17:40:45 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: Eliminate strncpy and simplify code http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.14r2=1.173.2.5.2.15diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.14 php-src/ext/exif/exif.c:1.173.2.5.2.15 --- php-src/ext/exif/exif.c:1.173.2.5.2.14 Sat Feb 24 14:28:09 2007 +++ php-src/ext/exif/exif.c Sat Feb 24 17:40:45 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.14 2007/02/24 14:28:09 helly Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1002,13 +1002,10 @@ break; } if (ret len) { - strncpy(ret, tag_table[i].Desc, abs(len)); - if (len0) { - len = -len; - ret[len-1]='\0'; - for(i=strlen(ret);ilen;i++)ret[i]=' '; + strlcpy(ret, tag_table[i].Desc, abs(len)); + if (len 0) { + memset(ret, ' ', -len - 1); } - ret[len-1]='\0'; return ret; } return tag_table[i].Desc; @@ -1016,13 +1013,10 @@ } if (ret len) { snprintf(tmp, sizeof(tmp), UndefinedTag:0x%04X, tag_num); - strncpy(ret, tmp, abs(len)); - if (len0) { - len = -len; - ret[len-1]='\0'; - for(i=strlen(ret);ilen;i++)ret[i]=' '; + strlcpy(ret, tmp, abs(len)); + if (len 0) { + memset(ret, ' ', -len - 1); } - ret[len-1]='\0'; return ret; } return ; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 17:57:57 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: Pad to given length, not replace data with spaces http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.15r2=1.173.2.5.2.16diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.15 php-src/ext/exif/exif.c:1.173.2.5.2.16 --- php-src/ext/exif/exif.c:1.173.2.5.2.15 Sat Feb 24 17:40:45 2007 +++ php-src/ext/exif/exif.c Sat Feb 24 17:57:57 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.15 2007/02/24 17:40:45 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1004,18 +1004,21 @@ if (ret len) { strlcpy(ret, tag_table[i].Desc, abs(len)); if (len 0) { - memset(ret, ' ', -len - 1); + memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1); + ret[-len] = '\0'; } return ret; } return tag_table[i].Desc; } } + if (ret len) { snprintf(tmp, sizeof(tmp), UndefinedTag:0x%04X, tag_num); strlcpy(ret, tmp, abs(len)); if (len 0) { - memset(ret, ' ', -len - 1); + memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1); + ret[-len] = '\0'; } return ret; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Sat Feb 24 18:02:11 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: missing -1 http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.16r2=1.173.2.5.2.17diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.16 php-src/ext/exif/exif.c:1.173.2.5.2.17 --- php-src/ext/exif/exif.c:1.173.2.5.2.16 Sat Feb 24 17:57:57 2007 +++ php-src/ext/exif/exif.c Sat Feb 24 18:02:11 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ */ /* ToDos * @@ -142,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.16 2007/02/24 17:57:57 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.17 2007/02/24 18:02:11 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1005,7 +1005,7 @@ strlcpy(ret, tag_table[i].Desc, abs(len)); if (len 0) { memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1); - ret[-len] = '\0'; + ret[-len - 1] = '\0'; } return ret; } @@ -1018,7 +1018,7 @@ strlcpy(ret, tmp, abs(len)); if (len 0) { memset(ret + strlen(ret), ' ', -len - strlen(ret) - 1); - ret[-len] = '\0'; + ret[-len - 1] = '\0'; } return ret; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
stasSat Feb 24 03:08:06 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: use safe allocations http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.12r2=1.173.2.5.2.13diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.12 php-src/ext/exif/exif.c:1.173.2.5.2.13 --- php-src/ext/exif/exif.c:1.173.2.5.2.12 Sat Feb 24 02:17:24 2007 +++ php-src/ext/exif/exif.c Sat Feb 24 03:08:05 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.12 2007/02/24 02:17:24 helly Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ */ /* ToDos * @@ -84,6 +84,9 @@ #ifndef safe_emalloc # define safe_emalloc(a,b,c) emalloc((a)*(b)+(c)) #endif +#ifndef safe_erealloc +# define safe_erealloc(p,a,b,c) erealloc(p, (a)*(b)+(c)) +#endif #ifndef TRUE # define TRUE 1 @@ -139,7 +142,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.12 2007/02/24 02:17:24 helly Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.13 2007/02/24 03:08:05 stas Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1597,7 +1600,7 @@ file_section*tmp; int count = ImageInfo-file.count; - tmp = erealloc(ImageInfo-file.list, (count+1)*sizeof(file_section)); + tmp = safe_erealloc(ImageInfo-file.list, (count+1), sizeof(file_section), 0); ImageInfo-file.list = tmp; ImageInfo-file.list[count].type = 0x; ImageInfo-file.list[count].data = NULL; @@ -1629,7 +1632,7 @@ EXIF_ERRLOG_FSREALLOC(ImageInfo) return -1; } - tmp = erealloc(ImageInfo-file.list[section_index].data, size); + tmp = safe_erealloc(ImageInfo-file.list[section_index].data, 1, size, 0); ImageInfo-file.list[section_index].data = tmp; ImageInfo-file.list[section_index].size = size; return 0; @@ -1669,7 +1672,7 @@ return; } - list = erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1)*sizeof(image_info_data)); + list = safe_erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1), sizeof(image_info_data), 0); image_info-info_list[section_index].list = list; info_data = image_info-info_list[section_index].list[image_info-info_list[section_index].count]; @@ -1807,7 +1810,7 @@ image_info_data *info_data; image_info_data *list; - list = erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1)*sizeof(image_info_data)); + list = safe_erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1), sizeof(image_info_data), 0); image_info-info_list[section_index].list = list; info_data = image_info-info_list[section_index].list[image_info-info_list[section_index].count]; @@ -1830,7 +1833,7 @@ image_info_data *list; if (value) { - list = erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1)*sizeof(image_info_data)); + list = safe_erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1), sizeof(image_info_data), 0); image_info-info_list[section_index].list = list; info_data = image_info-info_list[section_index].list[image_info-info_list[section_index].count]; info_data-tag= TAG_NONE; @@ -1875,7 +1878,7 @@ image_info_data *list; if (value) { - list = erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1)*sizeof(image_info_data)); + list = safe_erealloc(image_info-info_list[section_index].list, (image_info-info_list[section_index].count+1), sizeof(image_info_data), 0); image_info-info_list[section_index].list = list; info_data = image_info-info_list[section_index].list[image_info-info_list[section_index].count]; info_data-tag= TAG_NONE; @@ -2489,7 +2492,7 @@ } } new_move = new_size; - new_data = erealloc(ImageInfo-Thumbnail.data, ImageInfo-Thumbnail.size+new_size); + new_data = safe_erealloc(ImageInfo-Thumbnail.data, 1, ImageInfo-Thumbnail.size, new_size); ImageInfo-Thumbnail.data = new_data; memmove(ImageInfo-Thumbnail.data + new_move, ImageInfo-Thumbnail.data, ImageInfo-Thumbnail.size); ImageInfo-Thumbnail.size += new_size; @@ -2985,7 +2988,7 @@ case TAG_XP_AUTHOR: case
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Tue Jan 23 00:23:17 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: emalloc() - safe_emalloc() http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.10r2=1.173.2.5.2.11diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.10 php-src/ext/exif/exif.c:1.173.2.5.2.11 --- php-src/ext/exif/exif.c:1.173.2.5.2.10 Tue Jan 9 17:55:29 2007 +++ php-src/ext/exif/exif.c Tue Jan 23 00:23:17 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.11 2007/01/23 00:23:17 iliaa Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.11 2007/01/23 00:23:17 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1606,7 +1606,7 @@ if (!size) { data = NULL; } else if (data == NULL) { - data = emalloc(size); + data = safe_emalloc(size, 1, 0); } ImageInfo-file.list[count].type = type; ImageInfo-file.list[count].data = data; @@ -2383,7 +2383,7 @@ image_info_value *info_value; byte_count = php_tiff_bytes_per_format[info_data-format] * info_data-length; - value_ptr = emalloc(max(byte_count, 4)); + value_ptr = safe_emalloc(max(byte_count, 4), 1, 0); memset(value_ptr, 0, 4); if (!info_data-length) { return value_ptr; @@ -2875,7 +2875,7 @@ } if (byte_countsizeof(cbuf)) { /* mark as outside range and get buffer */ - value_ptr = emalloc(byte_count); + value_ptr = safe_emalloc(byte_count, 1, 0); outside = value_ptr; } else { /* -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Tue Jan 9 11:37:17 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: MFH: zerofill info_data and fix possible segfault partly fixes #40073 http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.8r2=1.173.2.5.2.9diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.8 php-src/ext/exif/exif.c:1.173.2.5.2.9 --- php-src/ext/exif/exif.c:1.173.2.5.2.8 Mon Jan 1 09:36:00 2007 +++ php-src/ext/exif/exif.c Tue Jan 9 11:37:17 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.8 2007/01/01 09:36:00 sebastian Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.8 2007/01/01 09:36:00 sebastian Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1599,6 +1599,7 @@ image_info-info_list[section_index].list = list; info_data = image_info-info_list[section_index].list[image_info-info_list[section_index].count]; + memset(info_data, 0, sizeof(image_info_data)); info_data-tag= tag; info_data-format = format; info_data-length = length; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
helly Tue Jan 9 17:55:29 2007 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: - MFH Fix for #40073 http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.9r2=1.173.2.5.2.10diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.9 php-src/ext/exif/exif.c:1.173.2.5.2.10 --- php-src/ext/exif/exif.c:1.173.2.5.2.9 Tue Jan 9 11:37:17 2007 +++ php-src/ext/exif/exif.c Tue Jan 9 17:55:29 2007 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.9 2007/01/09 11:37:17 tony2001 Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.10 2007/01/09 17:55:29 helly Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -1150,6 +1150,80 @@ } /* }}} */ +#ifdef EXIF_DEBUG +char * exif_dump_data(int *dump_free, int format, int components, int length, int motorola_intel, char *value_ptr TSRMLS_DC) /* {{{ */ +{ + char *dump; + int len; + + *dump_free = 0; + if (format == TAG_FMT_STRING) { + return value_ptr ? value_ptr : no data; + } + if (format == TAG_FMT_UNDEFINED) { + return undefined\n; + } + if (format == TAG_FMT_IFD) { + return ; + } + if (format == TAG_FMT_SINGLE || format == TAG_FMT_DOUBLE) { + return not implemented; + } + *dump_free = 1; + if (components 1) { + len = spprintf(dump, 0, (%d,%d) {, components, length); + } else { + len = spprintf(dump, 0, {); + } + while(components 0) { + switch(format) { + case TAG_FMT_BYTE: + case TAG_FMT_UNDEFINED: + case TAG_FMT_STRING: + case TAG_FMT_SBYTE: + dump = erealloc(dump, len + 4); + sprintf(dump + len, 0x%02X, *value_ptr); + len += 4; + value_ptr++; + break; + case TAG_FMT_USHORT: + case TAG_FMT_SSHORT: + dump = erealloc(dump, len + 6); + sprintf(dump + len, 0x%04X, php_ifd_get16s(value_ptr, motorola_intel)); + len += 6; + value_ptr += 2; + break; + case TAG_FMT_ULONG: + case TAG_FMT_SLONG: + dump = erealloc(dump, len + 6); + sprintf(dump + len, 0x%04X, php_ifd_get32s(value_ptr, motorola_intel)); + len += 6; + value_ptr += 4; + break; + case TAG_FMT_URATIONAL: + case TAG_FMT_SRATIONAL: + dump = erealloc(dump, len + 13); + sprintf(dump + len, 0x%04X/0x%04X, php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4, motorola_intel)); + len += 13; + value_ptr += 8; + break; + } + if (components 0) { + dump = erealloc(dump, len + 2); + sprintf(dump + len, , ); + len += 2; + components--; + } else{ + break; + } + } + dump = erealloc(dump, len + 2); + sprintf(dump + len, }); + return dump; +} +/* }}} */ +#endif + /* {{{ exif_convert_any_format * Evaluate number, be it int, rational, or float from directory. */ static double exif_convert_any_format(void *value, int format, int motorola_intel TSRMLS_DC) @@ -2747,10 +2821,14 @@ char *value_ptr, tagname[64], cbuf[32], *outside=NULL; size_t byte_count, offset_val, fpos, fgot; xp_field_type *tmp_xp; +#ifdef EXIF_DEBUG + char *dump_data; + int dump_free; +#endif /* EXIF_DEBUG */ /* Protect against corrupt headers */ if (ImageInfo-ifd_nesting_level MAX_IFD_NESTING_LEVEL) { - exif_error_docref(exif_read_data#error_ifd TSRMLS_CC, ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level reached); + exif_error_docref(exif_read_data#error_ifd EXIFERR_CC, ImageInfo, E_WARNING, corrupt EXIF header: maximum directory nesting level reached); return FALSE; }
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
iliaa Mon Dec 25 23:43:10 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: Allocation safety checks http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.6r2=1.173.2.5.2.7diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.6 php-src/ext/exif/exif.c:1.173.2.5.2.7 --- php-src/ext/exif/exif.c:1.173.2.5.2.6 Mon Dec 25 16:48:17 2006 +++ php-src/ext/exif/exif.c Mon Dec 25 23:43:10 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.6 2006/12/25 16:48:17 iliaa Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.7 2006/12/25 23:43:10 iliaa Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.6 2006/12/25 16:48:17 iliaa Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.7 2006/12/25 23:43:10 iliaa Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -3590,7 +3590,7 @@ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, %s THUMBNAIL @0x%04X + 0x%04X, ImageInfo-Thumbnail.data ? Ignore : Read, ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size); #endif if (!ImageInfo-Thumbnail.data) { - ImageInfo-Thumbnail.data = emalloc(ImageInfo-Thumbnail.size); + ImageInfo-Thumbnail.data = safe_emalloc(ImageInfo-Thumbnail.size, 1, 0); php_stream_seek(ImageInfo-infile, ImageInfo-Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo-infile, ImageInfo-Thumbnail.data, ImageInfo-Thumbnail.size); if (fgot ImageInfo-Thumbnail.size) { @@ -3623,7 +3623,7 @@ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, %s THUMBNAIL @0x%04X + 0x%04X, ImageInfo-Thumbnail.data ? Ignore : Read, ImageInfo-Thumbnail.offset, ImageInfo-Thumbnail.size); #endif if (!ImageInfo-Thumbnail.data ImageInfo-Thumbnail.offset ImageInfo-Thumbnail.size ImageInfo-read_thumbnail) { - ImageInfo-Thumbnail.data = emalloc(ImageInfo-Thumbnail.size); + ImageInfo-Thumbnail.data = safe_emalloc(ImageInfo-Thumbnail.size, 1, 0); php_stream_seek(ImageInfo-infile, ImageInfo-Thumbnail.offset, SEEK_SET); fgot = php_stream_read(ImageInfo-infile, ImageInfo-Thumbnail.data, ImageInfo-Thumbnail.size); if (fgot ImageInfo-Thumbnail.size) { -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Tue Oct 10 22:22:43 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: MFH: fix leak and typos in error messages http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.3r2=1.173.2.5.2.4diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.3 php-src/ext/exif/exif.c:1.173.2.5.2.4 --- php-src/ext/exif/exif.c:1.173.2.5.2.3 Thu Aug 17 14:32:35 2006 +++ php-src/ext/exif/exif.c Tue Oct 10 22:22:43 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.4 2006/10/10 22:22:43 tony2001 Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.4 2006/10/10 22:22:43 tony2001 Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2182,7 +2182,7 @@ } } else { exif_iif_add_tag(image_info, SECTION_COMMENT, Comment, TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL); - php_error_docref(NULL TSRMLS_CC, E_NOTICE, JPEG2000 comment section to small); + php_error_docref(NULL TSRMLS_CC, E_NOTICE, JPEG2000 comment section too small); } } #endif @@ -3708,7 +3708,7 @@ } } } else { - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, File to small (%d), ImageInfo-FileSize); + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, File too small (%d), ImageInfo-FileSize); } return ret; } @@ -4022,6 +4022,7 @@ ret = exif_read_file(ImageInfo, p_name, 1, 0 TSRMLS_CC); if (ret==FALSE) { + exif_discard_imageinfo(ImageInfo); RETURN_FALSE; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-CVS] cvs: php-src(PHP_5_2) /ext/exif exif.c
tony2001Thu Aug 17 14:32:36 2006 UTC Modified files: (Branch: PHP_5_2) /php-src/ext/exif exif.c Log: initialize static buffer with 0's http://cvs.php.net/viewvc.cgi/php-src/ext/exif/exif.c?r1=1.173.2.5.2.2r2=1.173.2.5.2.3diff_format=u Index: php-src/ext/exif/exif.c diff -u php-src/ext/exif/exif.c:1.173.2.5.2.2 php-src/ext/exif/exif.c:1.173.2.5.2.3 --- php-src/ext/exif/exif.c:1.173.2.5.2.2 Thu Jun 15 18:33:07 2006 +++ php-src/ext/exif/exif.c Thu Aug 17 14:32:35 2006 @@ -17,7 +17,7 @@ +--+ */ -/* $Id: exif.c,v 1.173.2.5.2.2 2006/06/15 18:33:07 dmitry Exp $ */ +/* $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ */ /* ToDos * @@ -139,7 +139,7 @@ }; /* }}} */ -#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.2 2006/06/15 18:33:07 dmitry Exp $ +#define EXIF_VERSION 1.4 $Id: exif.c,v 1.173.2.5.2.3 2006/08/17 14:32:35 tony2001 Exp $ /* {{{ PHP_MINFO_FUNCTION */ @@ -2806,6 +2806,7 @@ // pointers read without the need to free them // explicitley before returning. */ + memset(cbuf, 0, sizeof(cbuf)); value_ptr = cbuf; } -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php