From: Nikita Popov Date: Tue, 11 Aug 2020 14:29:01 +0000 (+0200) Subject: Merge branch 'PHP-7.4' X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8694eb14f437cedb0b1b48be95862272fb818aeb;p=php Merge branch 'PHP-7.4' * PHP-7.4: Fix bug #75785 by attempt switching endianness on Maker's Note --- 8694eb14f437cedb0b1b48be95862272fb818aeb diff --cc ext/exif/exif.c index e89d74d9e9,0edc8cadcd..5daa9c95b0 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@@ -62,9 -64,47 +62,9 @@@ typedef unsigned char uchar #define EFREE_IF(ptr) if (ptr) efree(ptr) - #define MAX_IFD_NESTING_LEVEL 150 + #define MAX_IFD_NESTING_LEVEL 200 -/* {{{ arginfo */ -ZEND_BEGIN_ARG_INFO(arginfo_exif_tagname, 0) - ZEND_ARG_INFO(0, index) -ZEND_END_ARG_INFO() - -ZEND_BEGIN_ARG_INFO_EX(arginfo_exif_read_data, 0, 0, 1) - ZEND_ARG_INFO(0, filename) - ZEND_ARG_INFO(0, sections_needed) - ZEND_ARG_INFO(0, sub_arrays) - ZEND_ARG_INFO(0, read_thumbnail) -ZEND_END_ARG_INFO() - -ZEND_BEGIN_ARG_INFO_EX(arginfo_exif_thumbnail, 0, 0, 1) - ZEND_ARG_INFO(0, filename) - ZEND_ARG_INFO(1, width) - ZEND_ARG_INFO(1, height) - ZEND_ARG_INFO(1, imagetype) -ZEND_END_ARG_INFO() - -ZEND_BEGIN_ARG_INFO(arginfo_exif_imagetype, 0) - ZEND_ARG_INFO(0, imagefile) -ZEND_END_ARG_INFO() - -/* }}} */ - -/* {{{ exif_functions[] - */ -static const zend_function_entry exif_functions[] = { - PHP_FE(exif_read_data, arginfo_exif_read_data) - PHP_DEP_FALIAS(read_exif_data, exif_read_data, arginfo_exif_read_data) - PHP_FE(exif_tagname, arginfo_exif_tagname) - PHP_FE(exif_thumbnail, arginfo_exif_thumbnail) - PHP_FE(exif_imagetype, arginfo_exif_imagetype) - PHP_FE_END -}; -/* }}} */ - -/* {{{ PHP_MINFO_FUNCTION - */ +/* {{{ PHP_MINFO_FUNCTION */ PHP_MINFO_FUNCTION(exif) { php_info_print_table_start(); @@@ -3201,9 -3224,39 +3199,19 @@@ static bool exif_process_IFD_in_MAKERNO } if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) { exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len); - return FALSE; + return false; } + switch (maker_note->offset_mode) { + case MN_OFFSET_MAKER: - offset_base = value_ptr; - data_len = value_len; - break; -#ifdef KALLE_0 - case MN_OFFSET_GUESS: - if (maker_note->offset + 10 + 4 >= value_len) { - /* Can not read dir_start+10 since it's beyond value end */ - exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X", value_len); - return FALSE; - } - offset_diff = 2 + NumDirEntries*12 + 4 - php_ifd_get32u(dir_start+10, ImageInfo->motorola_intel); -#ifdef EXIF_DEBUG - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Using automatic offset correction: 0x%04X", ((int)dir_start-(int)offset_base+maker_note->offset+displacement) + offset_diff); -#endif - if (offset_diff < 0 || offset_diff >= value_len ) { - exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data bad offset: 0x%04X length 0x%04X", offset_diff, value_len); - return FALSE; - } - offset_base = value_ptr + offset_diff; - data_len = value_len - offset_diff; ++ exif_offset_info_init(&new_info, value_ptr, value_ptr, value_len); ++ info = &new_info; + break; -#endif + default: + case MN_OFFSET_NORMAL: - data_len = value_len; + break; + } + for (de=0;de