Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016

show more ...

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big ref

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.

Closes GH-5849.

show more ...

Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes

Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or becaus

Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes

Even if the length of a maker note does not match our expectations
(either because the maker note is corrupted, or because our
expectations do not quite match reality), there is no need to let
parsing fail; we can still go on parsing the other meta information.

show more ...

Fix bug #79336

Make reading of floats and doubles host-endian independent.

Fixed bug #79282

Fixed bug #79282

Fixed bug #79282

Fixed bug #79046

Avoid float to int cast UB in exif

Fix bug #78793

Fix build - no model field anymore

Fixed bug #78910

Improve exif tag name fetching

Implement a cache for exif tag name lookups

Limit the amount of errors generated during exif parsing

Emitting errors is fairly expensive, to the point that parsing
a file with a huge number of invalid tags can take seconds.
Ge

Limit the amount of errors generated during exif parsing

Emitting errors is fairly expensive, to the point that parsing
a file with a huge number of invalid tags can take seconds.
Generating ten thousand errors is unlikely to help anybody, but
constitutes a potential DOS vector.

show more ...

Avoid float to int cast UB in exif

Remove redundant components < 0 check

components is an unsigned number, it cannot be smaller than zero.

Fix leak of temporary buffer during exif tag reading

Fix multiple leaks in exif_read_data()

This fixes two leaks related to duplicate tags, as well as a leak
of zero-length FMT_(S)BYTE with non-null value. This can show up
for MAKERNOT

Fix multiple leaks in exif_read_data()

This fixes two leaks related to duplicate tags, as well as a leak
of zero-length FMT_(S)BYTE with non-null value. This can show up
for MAKERNOTE values where the original length is non-zero, but
the first character is a null byte.

show more ...

Fix out-of-bounds read in exif tag reading

This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e,
when the restriction that components>0 has been relaxed. We now

Fix out-of-bounds read in exif tag reading

This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e,
when the restriction that components>0 has been relaxed. We now need
to make sure that any tags that expect at least one component check
that this is the case.

show more ...

Fix exif leak on duplicate copyright tags

Fix exif build

As of PHP 7.3.0 the `model` field is removed.

Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)

Fixed bug #78333

Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.

Fixed bug #78333

Don't dereference float/double values at unknown address, instead
memcpy it into an aligned stack slot and dereference that.