unserialize). (Nikita)
. Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
php_parse_date()). (Derick)
+
+- EXIF:
+ . Fixed bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with
+ correct exif format). (bradpiccho at gmail dot com, Kalle)
- GD:
. Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
ImageInfo->sections_found |= FOUND_IFD0;
- if ((dir_start + 2) >= (offset_base+IFDlength)) {
+ if ((dir_start + 2) > (offset_base+IFDlength)) {
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size");
return FALSE;
}
* Hack to make it process IDF1 I hope
* There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail
*/
- if ((dir_start+2+12*de + 4) >= (offset_base+IFDlength)) {
+ if ((dir_start+2+12*de + 4) > (offset_base+IFDlength)) {
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size");
return FALSE;
}
--- /dev/null
+--TEST--
+Bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with correct exif format)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--INI--
+output_handler=
+zlib.output_compression=0
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/bug74428.jpg';
+var_dump(exif_read_data($infile));
+?>
+===DONE===
+--EXPECTF--
+array(11) {
+ ["FileName"]=>
+ string(12) "bug74428.jpg"
+ ["FileDateTime"]=>
+ int(%d)
+ ["FileSize"]=>
+ int(1902)
+ ["FileType"]=>
+ int(2)
+ ["MimeType"]=>
+ string(10) "image/jpeg"
+ ["SectionsFound"]=>
+ string(19) "ANY_TAG, IFD0, EXIF"
+ ["COMPUTED"]=>
+ array(5) {
+ ["html"]=>
+ string(22) "width="88" height="28""
+ ["Height"]=>
+ int(28)
+ ["Width"]=>
+ int(88)
+ ["IsColor"]=>
+ int(1)
+ ["ByteOrderMotorola"]=>
+ int(0)
+ }
+ ["Orientation"]=>
+ int(1)
+ ["Exif_IFD_Pointer"]=>
+ int(38)
+ ["ExifImageWidth"]=>
+ int(88)
+ ["ExifImageLength"]=>
+ int(28)
+}
+===DONE===
projects / php / commitdiff
