- Fixed bug #25581 (getimagesize () return incorrect values on bitmap

  (os2) files)

diff --git a/NEWS b/NEWS
index 89f8977433234358087df1f456ed1d99c2544baf..1eef0aa7d8b5d0e8bd770e6bb7dc3d3e48c40768 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,8 @@ PHP                                                                        NEWS
   (Sterling)
 - Fixed visibility of __construct and __clone. (Marcus)
 - Fixed bug #25756 (SimpleXML's validate_schema_file() broken). (Moriyoshi)
+- Fixed bug #25581 (getimagesize () return incorrect values on bitmap (os2) 
+  files) (Marcus)
 - Fixed bug #25494 (array_merge*() allows non-arrays as argument). (Jay)
 - Fixed bug #24766 (strange result array from unpack()). (Moriyoshi)
 - Fixed bug #24729 ($obj = new $className; causes crash when $className is not 

diff --git a/ext/standard/image.c b/ext/standard/image.c
index 366cfe29822e6078031a662e64973f28a6fa4c7a..fede26f6574ba9022a1a8758cc327df657416234 100644 (file)
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -143,18 +143,29 @@ static struct gfxinfo *php_handle_psd (php_stream * stream TSRMLS_DC)
 static struct gfxinfo *php_handle_bmp (php_stream * stream TSRMLS_DC)
 {
        struct gfxinfo *result = NULL;
-       unsigned char dim[12];
+       unsigned char dim[16];
+       int size;
 
-       if (php_stream_seek(stream, 15, SEEK_CUR))
+       if (php_stream_seek(stream, 11, SEEK_CUR))
                return NULL;
 
        if (php_stream_read(stream, dim, sizeof(dim)) != sizeof(dim))
                return NULL;
 
-       result = (struct gfxinfo *) ecalloc (1, sizeof(struct gfxinfo));
-       result->width    =  (((unsigned int)dim[ 3]) << 24) + (((unsigned int)dim[ 2]) << 16) + (((unsigned int)dim[ 1]) << 8) + ((unsigned int) dim[ 0]);
-       result->height   =  (((unsigned int)dim[ 7]) << 24) + (((unsigned int)dim[ 6]) << 16) + (((unsigned int)dim[ 5]) << 8) + ((unsigned int) dim[ 4]);
-       result->bits     =  (((unsigned int)dim[11]) <<  8) +  ((unsigned int)dim[10]);
+       size   = (((unsigned int)dim[ 3]) << 24) + (((unsigned int)dim[ 2]) << 16) + (((unsigned int)dim[ 1]) << 8) + ((unsigned int) dim[ 0]);
+       if (size == 12) {
+               result = (struct gfxinfo *) ecalloc (1, sizeof(struct gfxinfo));
+               result->width    =  (((unsigned int)dim[ 5]) << 8) + ((unsigned int) dim[ 4]);
+               result->height   =  (((unsigned int)dim[ 7]) << 8) + ((unsigned int) dim[ 6]);
+               result->bits     =  ((unsigned int)dim[11]);
+       } else if (size > 12 && (size <= 64 || size == 108)) {
+               result = (struct gfxinfo *) ecalloc (1, sizeof(struct gfxinfo));
+               result->width    =  (((unsigned int)dim[ 7]) << 24) + (((unsigned int)dim[ 6]) << 16) + (((unsigned int)dim[ 5]) << 8) + ((unsigned int) dim[ 4]);
+               result->height   =  (((unsigned int)dim[11]) << 24) + (((unsigned int)dim[10]) << 16) + (((unsigned int)dim[ 9]) << 8) + ((unsigned int) dim[ 8]);
+               result->bits     =  (((unsigned int)dim[15]) <<  8) +  ((unsigned int)dim[14]);
+       } else {
+               return NULL;
+       }
 
        return result;
 }