[Bug 31740] New: JpegMetadataExtractor lacks bounds checking, spams error logs with E_WARNING

bugzilla-daemon Sat, 15 Oct 2011 15:34:53 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=31740


       Web browser: ---
             Bug #: 31740
           Summary: JpegMetadataExtractor lacks bounds checking, spams
                    error logs with E_WARNING
           Product: MediaWiki
           Version: 1.18
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: Images and files
        AssignedTo: [email protected]
        ReportedBy: [email protected]
                CC: [email protected], [email protected]
    Classification: Unclassified


When running refreshImageMetadata.php on angwiki, I got:

Warning: unpack(): Type N: not enough input, need 4, have 0 in
/usr/local/apache/common-local/php-1.18/includes/media/JpegMetadataExtractor.php
on line 205

298290 times, and then I hit ctrl-C. JpegMetadataExtractor should use a wrapper
around unpack that guards against reading beyond the end of the string. I made
one for ZipDirectoryReader, maybe we should factor that out for the benefit of
other binary format parsers.

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 31740] New: JpegMetadataExtractor lacks bounds checking, spams error logs with E_WARNING

Reply via email to