diff --git a/NEWS b/NEWS index 7de39a84830..e05bdac1e3d 100644 --- a/NEWS +++ b/NEWS @@ -14,6 +14,10 @@ PHP NEWS (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) +- Exif: + . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid + endianess, Illegal IFD size and Undefined index). (nielsdos) + - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) diff --git a/ext/exif/exif.c b/ext/exif/exif.c index 74dba4bf698..273149ccbb8 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -1277,6 +1277,9 @@ typedef struct { mn_offset_mode_t offset_mode; } maker_note_type; +/* Some maker notes (e.g. DJI info tag) require custom parsing */ +#define REQUIRES_CUSTOM_PARSING NULL + /* Remember to update PHP_MINFO if updated */ static const maker_note_type maker_note_array[] = { { tag_table_VND_CANON, "Canon", NULL, 0, 0, MN_ORDER_INTEL, MN_OFFSET_NORMAL}, @@ -1287,6 +1290,7 @@ static const maker_note_type maker_note_array[] = { { tag_table_VND_OLYMPUS, "OLYMPUS OPTICAL CO.,LTD", "OLYMP\x00\x01\x00", 8, 8, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, { tag_table_VND_SAMSUNG, "SAMSUNG", NULL, 0, 0, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, { tag_table_VND_PANASONIC, "Panasonic", "Panasonic\x00\x00\x00", 12, 12, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, + { REQUIRES_CUSTOM_PARSING, "DJI", "[ae_dbg_info:", 13, 13, MN_ORDER_MOTOROLA, MN_OFFSET_NORMAL}, { tag_table_VND_DJI, "DJI", NULL, 0, 0, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, { tag_table_VND_SONY, "SONY", "SONY DSC \x00\x00\x00", 12, 12, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, { tag_table_VND_SONY, "SONY", NULL, 0, 0, MN_ORDER_NORMAL, MN_OFFSET_NORMAL}, @@ -3168,10 +3172,16 @@ static bool exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * val return true; } + if (UNEXPECTED(maker_note->tag_table == REQUIRES_CUSTOM_PARSING)) { + /* Custom parsing required, which is not implemented at this point + * Return true so that other metadata can still be parsed. */ + return true; + } + dir_start = value_ptr + maker_note->offset; #ifdef EXIF_DEBUG - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process %s @x%04X + 0x%04X=%d: %s", exif_get_sectionname(section_index), (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement, value_len, value_len, exif_char_dump(value_ptr, value_len, (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement)); + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process %s @0x%04X + 0x%04X=%d: %s", exif_get_sectionname(section_index), (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement, value_len, value_len, exif_char_dump(value_ptr, value_len, (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement)); #endif ImageInfo->sections_found |= FOUND_MAKERNOTE; @@ -3330,7 +3340,7 @@ static bool exif_process_IFD_TAG_impl(image_info_type *ImageInfo, char *dir_entr #ifdef EXIF_DEBUG dump_data = exif_dump_data(&dump_free, format, components, ImageInfo->motorola_intel, value_ptr); exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, - "Process tag(x%04X=%s,@x%04X + x%04X(=%d)): %s%s %s", + "Process tag(x%04X=%s,@0x%04X + x%04X(=%d)): %s%s %s", tag, exif_get_tagname_debug(tag, tag_table), offset_val+displacement, byte_count, byte_count, (components>1)&&format!=TAG_FMT_UNDEFINED&&format!=TAG_FMT_STRING?"ARRAY OF ":"", exif_get_tagformat(format), dump_data); if (dump_free) { efree(dump_data); @@ -4173,7 +4183,7 @@ static bool exif_process_IFD_in_TIFF_impl(image_info_type *ImageInfo, size_t dir } entry_offset = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); #ifdef EXIF_DEBUG - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @x%04X", exif_get_sectionname(sub_section_index), entry_offset); + exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @0x%04X", exif_get_sectionname(sub_section_index), entry_offset); #endif exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index); if (section_index!=SECTION_THUMBNAIL && entry_tag==TAG_SUB_IFD) {