Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1: Fix GH-9397: exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index
2024-12-16 21:37:49 +08:00 · 2023-04-05 21:37:48 +02:00 · 2023-04-05 21:37:48 +02:00 · 2d2cf3b6e0
commit 2d2cf3b6e0
parent 94a00e9ecd b81ce297a1
2 changed files with 17 additions and 3 deletions
--- a/4
+++ b/4
@ -14,6 +14,10 @@ PHP                                                                        NEWS
    (Nathan Freeman)
  . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos)

+- Exif:
+  . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid
+    endianess, Illegal IFD size and Undefined index). (nielsdos)
+
 - PCRE:
  . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)

--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@ -1277,6 +1277,9 @@ typedef struct {
 	mn_offset_mode_t offset_mode;
 } maker_note_type;

+/* Some maker notes (e.g. DJI info tag) require custom parsing */
+#define REQUIRES_CUSTOM_PARSING NULL
+
 /* Remember to update PHP_MINFO if updated */
 static const maker_note_type maker_note_array[] = {
  { tag_table_VND_CANON,     "Canon",                   NULL,								0,  0,  MN_ORDER_INTEL,    MN_OFFSET_NORMAL},
@ -1287,6 +1290,7 @@ static const maker_note_type maker_note_array[] = {
  { tag_table_VND_OLYMPUS,   "OLYMPUS OPTICAL CO.,LTD", "OLYMP\x00\x01\x00",				8,  8,  MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
  { tag_table_VND_SAMSUNG,   "SAMSUNG",                 NULL,								0,  0,  MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
  { tag_table_VND_PANASONIC, "Panasonic",               "Panasonic\x00\x00\x00",			12, 12, MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
+  { REQUIRES_CUSTOM_PARSING, "DJI",                     "[ae_dbg_info:",					13, 13, MN_ORDER_MOTOROLA, MN_OFFSET_NORMAL},
  { tag_table_VND_DJI,       "DJI",                     NULL,								0,  0,  MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
  { tag_table_VND_SONY,      "SONY",                    "SONY DSC \x00\x00\x00",			12, 12, MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
  { tag_table_VND_SONY,      "SONY",                    NULL,								0,  0,  MN_ORDER_NORMAL,   MN_OFFSET_NORMAL},
@ -3168,10 +3172,16 @@ static bool exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * val
 		return true;
 	}

+	if (UNEXPECTED(maker_note->tag_table == REQUIRES_CUSTOM_PARSING)) {
+		/* Custom parsing required, which is not implemented at this point
+		 * Return true so that other metadata can still be parsed. */
+		return true;
+	}
+
 	dir_start = value_ptr + maker_note->offset;

 #ifdef EXIF_DEBUG
-	exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process %s @x%04X + 0x%04X=%d: %s", exif_get_sectionname(section_index), (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement, value_len, value_len, exif_char_dump(value_ptr, value_len, (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement));
+	exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Process %s @0x%04X + 0x%04X=%d: %s", exif_get_sectionname(section_index), (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement, value_len, value_len, exif_char_dump(value_ptr, value_len, (intptr_t)dir_start-(intptr_t)info->offset_base+maker_note->offset+displacement));
 #endif

 	ImageInfo->sections_found |= FOUND_MAKERNOTE;
@ -3330,7 +3340,7 @@ static bool exif_process_IFD_TAG_impl(image_info_type *ImageInfo, char *dir_entr
 #ifdef EXIF_DEBUG
 	dump_data = exif_dump_data(&dump_free, format, components, ImageInfo->motorola_intel, value_ptr);
 	exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE,
-		"Process tag(x%04X=%s,@x%04X + x%04X(=%d)): %s%s %s",
+		"Process tag(x%04X=%s,@0x%04X + x%04X(=%d)): %s%s %s",
 		tag, exif_get_tagname_debug(tag, tag_table), offset_val+displacement, byte_count, byte_count, (components>1)&&format!=TAG_FMT_UNDEFINED&&format!=TAG_FMT_STRING?"ARRAY OF ":"", exif_get_tagformat(format), dump_data);
 	if (dump_free) {
 		efree(dump_data);
@ -4173,7 +4183,7 @@ static bool exif_process_IFD_in_TIFF_impl(image_info_type *ImageInfo, size_t dir
 						}
 						entry_offset = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
 #ifdef EXIF_DEBUG
-						exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @x%04X", exif_get_sectionname(sub_section_index), entry_offset);
+						exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @0x%04X", exif_get_sectionname(sub_section_index), entry_offset);
 #endif
 						exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index);
 						if (section_index!=SECTION_THUMBNAIL && entry_tag==TAG_SUB_IFD) {