From: Christoph M. Becker Date: Sat, 30 Jun 2018 14:29:29 +0000 (+0200) Subject: Fix #71848: getimagesize with $imageinfo returns false X-Git-Tag: php-7.2.8RC1~10^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ae04110032702622d59c21f9e615120d9479157a;p=php Fix #71848: getimagesize with $imageinfo returns false Some JFIF images contain empty APP segments, i.e. those which consist only of the marker bytes and the length, but without actual content. It appears to be doubtful to have empty APP segments, but we should apply the robustness principle, and accept these, instead of simply failing in this case. We choose to add empty APP segments to $imageinfo with an empty string as value, instead of NULL, or even to omit these segments altogether. This patch also fixes the potential issue that php_stream_read() might not read the supposed number of bytes, which could result in garbage to be added to the read value. --- diff --git a/NEWS b/NEWS index 2f1f319ef8..d21ff66990 100644 --- a/NEWS +++ b/NEWS @@ -32,6 +32,7 @@ PHP NEWS - Standard: . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys). (Laruence) + . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb) 22 Jun 2019, PHP 7.1.19 diff --git a/ext/standard/image.c b/ext/standard/image.c index 722497f5e8..395063abb7 100644 --- a/ext/standard/image.c +++ b/ext/standard/image.c @@ -453,7 +453,7 @@ static int php_read_APP(php_stream * stream, unsigned int marker, zval *info) buffer = emalloc(length); - if (php_stream_read(stream, buffer, (zend_long) length) <= 0) { + if (php_stream_read(stream, buffer, (zend_long) length) != length) { efree(buffer); return 0; } diff --git a/ext/standard/tests/image/bug71848.jpg b/ext/standard/tests/image/bug71848.jpg new file mode 100644 index 0000000000..9588dbe00b Binary files /dev/null and b/ext/standard/tests/image/bug71848.jpg differ diff --git a/ext/standard/tests/image/bug71848.phpt b/ext/standard/tests/image/bug71848.phpt new file mode 100644 index 0000000000..d96ac1c537 --- /dev/null +++ b/ext/standard/tests/image/bug71848.phpt @@ -0,0 +1,32 @@ +--TEST-- +Bug #71848 (getimagesize with $imageinfo returns false) +--FILE-- + +===DONE=== +--EXPECT-- +array(7) { + [0]=> + int(8) + [1]=> + int(8) + [2]=> + int(2) + [3]=> + string(20) "width="8" height="8"" + ["bits"]=> + int(8) + ["channels"]=> + int(3) + ["mime"]=> + string(10) "image/jpeg" +} +array(2) { + [0]=> + string(4) "APP0" + [1]=> + string(4) "APP5" +} +===DONE===