| #
376bbbdf |
| 12-Aug-2020 |
Nikita Popov |
Make MAX_IFD_NESTING_LEVEL an actual nesting level
Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
Make MAX_IFD_NESTING_LEVEL an actual nesting level
Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).
However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.
This is expected to fix a number of bugs:
https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016
show more ...
|
| #
2fa4ca95 |
| 12-Jul-2020 |
Nawarian |
Fix bug #75785 by attempt switching endianness on Maker's Note
Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big ref
Fix bug #75785 by attempt switching endianness on Maker's Note
Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.
Closes GH-5849.
show more ...
|
| #
5621c5fa |
| 13-Jun-2020 |
Christoph M. Becker |
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or becaus
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes
Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or because our
expectations do not quite match reality), there is no need to let
parsing fail; we can still go on parsing the other meta information.
show more ...
|
| #
41f66e2a |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282
|
| #
25238bdf |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282
|
| #
c14eb8de |
| 16-Dec-2019 |
Stanislav Malyshev |
Fix bug #78793
|
| #
b74a300e |
| 16-Dec-2019 |
Stanislav Malyshev |
Fix build - no model field anymore
|
| #
d348cfb9 |
| 16-Dec-2019 |
Stanislav Malyshev |
Fixed bug #78910
|
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4 |
|
| #
daf1fc6e |
| 09-Oct-2019 |
Nikita Popov |
Avoid float to int cast UB in exif
|
| #
d6ca174d |
| 09-Oct-2019 |
Nikita Popov |
Remove redundant components < 0 check
components is an unsigned number, it cannot be smaller than zero.
|
|
Revision tags: php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10 |
|
| #
f989a4cd |
| 22-Sep-2019 |
Nikita Popov |
Fix leak of temporary buffer during exif tag reading
|
| #
0701835c |
| 21-Sep-2019 |
Nikita Popov |
Fix multiple leaks in exif_read_data()
This fixes two leaks related to duplicate tags, as well as a leak
of zero-length FMT_(S)BYTE with non-null value. This can show up
for MAKERNOT
Fix multiple leaks in exif_read_data()
This fixes two leaks related to duplicate tags, as well as a leak
of zero-length FMT_(S)BYTE with non-null value. This can show up
for MAKERNOTE values where the original length is non-zero, but
the first character is a null byte.
show more ...
|
| #
0fa13028 |
| 19-Sep-2019 |
Nikita Popov |
Fix out-of-bounds read in exif tag reading
This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e,
when the restriction that components>0 has been relaxed. We now
Fix out-of-bounds read in exif tag reading
This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e,
when the restriction that components>0 has been relaxed. We now need
to make sure that any tags that expect at least one component check
that this is the case.
show more ...
|
| #
3e139a46 |
| 19-Sep-2019 |
Nikita Popov |
Fix exif leak on duplicate copyright tags
|
|
Revision tags: php-7.4.0RC2 |
|
| #
31f617d9 |
| 12-Sep-2019 |
Christoph M. Becker |
Fix exif build
As of PHP 7.3.0 the `model` field is removed.
|
| #
2823e938 |
| 12-Sep-2019 |
Kalle Sommer Nielsen |
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
|
|
Revision tags: php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8 |
|
| #
68fd435b |
| 29-Jul-2019 |
Nikita Popov |
Fixed bug #78333
Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.
|
| #
d142dfc9 |
| 29-Jul-2019 |
Nikita Popov |
Fixed bug #78333
Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.
|
|
Revision tags: php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3 |
|
| #
aeb6d131 |
| 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
|
| #
dea2989a |
| 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
|
Revision tags: php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30 |
|
| #
73ff4193 |
| 28-May-2019 |
Stanislav Malyshev |
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
|
Revision tags: php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5 |
|
| #
f80ad18a |
| 30-Apr-2019 |
Stanislav Malyshev |
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a normal situation, so we better not
to rely on such dir_entry.
show more ...
|
|
Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28 |
|
| #
dc1cd3da |
| 02-Apr-2019 |
Remi Collet |
fix paste issue
|
| #
01a4de5c |
| 02-Apr-2019 |
Christoph M. Becker |
Pointer arithmetic on void pointers is illegal
We quick-fix this by casting to char*; it might be more appropriate to
use char pointers in the first place.
|
| #
887a7b57 |
| 02-Apr-2019 |
Stanislav Malyshev |
Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF
|
