From: Marcus Boerger Date: Sun, 9 Oct 2005 14:11:44 +0000 (+0000) Subject: Bugfix #34704 (Infinite recursion due to corrupt JPEG) (Tim Starling) X-Git-Tag: RELEASE_0_9_1~185 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c124fa566cee937a3bf21735f47209217503106b;p=php Bugfix #34704 (Infinite recursion due to corrupt JPEG) (Tim Starling) --- diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 0523a5c3f0..5ec0542073 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -3031,6 +3031,12 @@ static int exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start, return FALSE; } } + /* + * Ignore IFD2 if it purportedly exists + */ + if (section_index == SECTION_THUMBNAIL) { + return FALSE; + } /* * Hack to make it process IDF1 I hope * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail diff --git a/ext/exif/tests/bug34704.jpg b/ext/exif/tests/bug34704.jpg new file mode 100755 index 0000000000..42b14c1908 Binary files /dev/null and b/ext/exif/tests/bug34704.jpg differ diff --git a/ext/exif/tests/bug34704.phpt b/ext/exif/tests/bug34704.phpt new file mode 100755 index 0000000000..ee51910e3f --- /dev/null +++ b/ext/exif/tests/bug34704.phpt @@ -0,0 +1,44 @@ +--TEST-- +Bug # 34704 (Infinite recursion due to corrupt JPEG) +--SKIPIF-- + +--INI-- +magic_quotes_runtime=0 +output_handler= +zlib.output_compression=0 +--FILE-- + +===DONE=== +--EXPECT-- +array(7) { + ["FileName"]=> + string(12) "bug34704.jpg" + ["FileDateTime"]=> + int(1128866682) + ["FileSize"]=> + int(9976) + ["FileType"]=> + int(2) + ["MimeType"]=> + string(10) "image/jpeg" + ["SectionsFound"]=> + string(4) "IFD0" + ["COMPUTED"]=> + array(5) { + ["html"]=> + string(24) "width="386" height="488"" + ["Height"]=> + int(488) + ["Width"]=> + int(386) + ["IsColor"]=> + int(1) + ["ByteOrderMotorola"]=> + int(0) + } +} +===DONE=== \ No newline at end of file