granicus.if.org Git - php/commit

author	Nikita Popov <nikita.ppv@gmail.com>
	Wed, 12 Aug 2020 08:09:37 +0000 (10:09 +0200)
committer	Nikita Popov <nikita.ppv@gmail.com>
	Mon, 31 Aug 2020 07:28:59 +0000 (09:28 +0200)
commit	376bbbdf3b6b0ec08102c3ccb31746c2a7d9bdd6
tree	c45ab4d348831822a3b49fff1cbc1b238bd2c74c	tree \| snapshot
parent	e948188832185171182a274567146757c13b9fac	commit \| diff

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016

ext/exif/exif.c		diff \| blob \| history
ext/exif/tests/nesting_level_oom.phpt	[new file with mode: 0644]	blob
ext/exif/tests/nesting_level_oom.tiff	[new file with mode: 0644]	blob