From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 8 Sep 2020 09:50:25 +0000 (+0200)
Subject: Promote warnings in exif
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=259af931e62e11dbc040adc30f8f00dbc1e3f2d3;p=php

Promote warnings in exif

The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical and the recommended usage.
---

diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index b2852628ba..b47dea6109 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -4536,9 +4536,13 @@ PHP_FUNCTION(exif_read_data)
 		}
 
 		if (!Z_STRLEN_P(stream)) {
-			exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_WARNING, "Filename cannot be empty");
+			zend_argument_value_error(1, "cannot be empty");
+			RETURN_THROWS();
+		}
 
-			RETURN_FALSE;
+		if (CHECK_NULL_PATH(Z_STRVAL_P(stream), Z_STRLEN_P(stream))) {
+			zend_argument_type_error(1, "cannot contain any null-bytes");
+			RETURN_THROWS();
 		}
 
 		ret = exif_read_from_file(&ImageInfo, Z_STRVAL_P(stream), read_thumbnail, read_all);
@@ -4709,9 +4713,13 @@ PHP_FUNCTION(exif_thumbnail)
 		}
 
 		if (!Z_STRLEN_P(stream)) {
-			exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_WARNING, "Filename cannot be empty");
+			zend_argument_value_error(1, "cannot be empty");
+			RETURN_THROWS();
+		}
 
-			RETURN_FALSE;
+		if (CHECK_NULL_PATH(Z_STRVAL_P(stream), Z_STRLEN_P(stream))) {
+			zend_argument_type_error(1, "cannot contain any null-bytes");
+			RETURN_THROWS();
 		}
 
 		ret = exif_read_from_file(&ImageInfo, Z_STRVAL_P(stream), 1, 0);
diff --git a/ext/exif/tests/filename_empty.phpt b/ext/exif/tests/filename_empty.phpt
new file mode 100644
index 0000000000..7896c87fbb
--- /dev/null
+++ b/ext/exif/tests/filename_empty.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Passing empty filename to exif_read_data() and exif_thumnail()
+--FILE--
+<?php
+
+try {
+    exif_read_data("");
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    exif_thumbnail("");
+} catch (ValueError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    exif_read_data("foo\0bar");
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+try {
+    exif_thumbnail("foo\0bar");
+} catch (TypeError $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+exif_read_data(): Argument #1 ($filename) cannot be empty
+exif_thumbnail(): Argument #1 ($filename) cannot be empty
+exif_read_data(): Argument #1 ($filename) cannot contain any null-bytes
+exif_thumbnail(): Argument #1 ($filename) cannot contain any null-bytes