'[PHP-CVS] com php-src: Fix #71848: getimagesize with $imageinfo returns false: NEWS ext/standard/ima'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-cvs
Subject:    [PHP-CVS] com php-src: Fix #71848: getimagesize with $imageinfo returns false: NEWS ext/standard/ima
From:       Christoph Michael Becker <cmb () php ! net>
Date:       2018-06-30 14:29:30
Message-ID: php-mail-e7e6edd27b563bb1f40db268078473d31826468589 () git ! php ! net
[Download RAW message or body]

Commit:    ae04110032702622d59c21f9e615120d9479157a
Author:    Christoph M. Becker <cmbecker69@gmx.de>         Sat, 30 Jun 2018 16:29:29 +0200
Parents:   962706d16c29ec6dd5ec3a78edae9e8907bca20a
Branches:  master

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=ae04110032702622d59c21f9e615120d9479157a

Log:
Fix #71848: getimagesize with $imageinfo returns false

Some JFIF images contain empty APP segments, i.e. those which consist
only of the marker bytes and the length, but without actual content.
It appears to be doubtful to have empty APP segments, but we should
apply the robustness principle, and accept these, instead of simply
failing in this case.

We choose to add empty APP segments to $imageinfo with an empty string
as value, instead of NULL, or even to omit these segments altogether.

This patch also fixes the potential issue that php_stream_read() might
not read the supposed number of bytes, which could result in garbage to
be added to the read value.

Bugs:
https://bugs.php.net/71848

Changed paths:
  M  NEWS
  M  ext/standard/image.c
  A  ext/standard/tests/image/bug71848.jpg
  A  ext/standard/tests/image/bug71848.phpt


Diff:
diff --git a/NEWS b/NEWS
index 2f1f319..d21ff66 100644
--- a/NEWS
+++ b/NEWS
@@ -32,6 +32,7 @@ PHP                                                                        NEWS
 - Standard:
   . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
     (Laruence)
+  . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
 
 22 Jun 2019, PHP 7.1.19
 
diff --git a/ext/standard/image.c b/ext/standard/image.c
index 722497f..395063a 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -453,7 +453,7 @@ static int php_read_APP(php_stream * stream, unsigned int marker, zval *info)
 
 	buffer = emalloc(length);
 
-	if (php_stream_read(stream, buffer, (zend_long) length) <= 0) {
+	if (php_stream_read(stream, buffer, (zend_long) length) != length) {
 		efree(buffer);
 		return 0;
 	}
diff --git a/ext/standard/tests/image/bug71848.jpg b/ext/standard/tests/image/bug71848.jpg
new file mode 100644
index 0000000..9588dbe
Binary files /dev/null and b/ext/standard/tests/image/bug71848.jpg differ
diff --git a/ext/standard/tests/image/bug71848.phpt b/ext/standard/tests/image/bug71848.phpt
new file mode 100644
index 0000000..d96ac1c
--- /dev/null
+++ b/ext/standard/tests/image/bug71848.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Bug #71848 (getimagesize with $imageinfo returns false)
+--FILE--
+<?php
+var_dump(getimagesize(__DIR__ . '/bug71848.jpg', $info));
+var_dump(array_keys($info));
+?>
+===DONE===
+--EXPECT--
+array(7) {
+  [0]=>
+  int(8)
+  [1]=>
+  int(8)
+  [2]=>
+  int(2)
+  [3]=>
+  string(20) "width="8" height="8""
+  ["bits"]=>
+  int(8)
+  ["channels"]=>
+  int(3)
+  ["mime"]=>
+  string(10) "image/jpeg"
+}
+array(2) {
+  [0]=>
+  string(4) "APP0"
+  [1]=>
+  string(4) "APP5"
+}
+===DONE===


--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic