Fix GH-16409: Segfault in exif_thumbnail when not dealing with a real file

Closes GH-16416.

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
Fix GH-10834: exif_read_data() cannot read smaller stream wrapper chunk sizes

Fix GH-10834: exif_read_data() cannot read smaller stream wrapper chunk sizes

php_stream_read() may return less than the requested amount of bytes by
design. This patch introduces a stat

Fix GH-10834: exif_read_data() cannot read smaller stream wrapper chunk sizes

php_stream_read() may return less than the requested amount of bytes by
design. This patch introduces a static function for exif which reads
from the stream in a loop until all the requested bytes are read.

For the test: Co-authored-by: dotpointer

Closes GH-10924.

show more ...

Merge branch 'PHP-8.1' into PHP-8.2

* PHP-8.1:
Fix GH-9397: exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index

Fix GH-9397: exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index

Don't misinterpret DJI info maker note as DJI maker note.

The DJI

Fix GH-9397: exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index

Don't misinterpret DJI info maker note as DJI maker note.

The DJI and DJI info maker note both share the "DJI" make string.
This caused the current code to try to interpret the DJI info maker note
as a DJI maker note. However, the DJI info maker note requires custom
parsing. Therefore, the misinterpretation actually caused the current
code to believe that there was an unrecoverable error in the IFD for the
maker note by returning false in the maker note parser. This in turn
caused the inability to parse other EXIF metadata.

This patch adds the identification of the DJI info maker note so that it
cannot be misinterpreted. Since we don't implement custom parsing, it
achieves this by setting the tag list to a special marker value (in this
case the NULL pointer). When this marker value is detected, the function
will just skip parsing the maker note and return true. Therefore, the
other code will believe that the IFD is not corrupt.

This approach is similar to handing an unrecognised maker note type
(see the loop on top of exif_process_IFD_in_MAKERNOTE() which also
returns true and treats it as a string). The end result of this patch
is that the DJI info maker note is considered as unknown to the caller of
exif_process_IFD_in_MAKERNOTE(), and therefore that the other EXIF
metadata can be parsed successfully.

Also fix debug output typos in exif.

Closes GH-10470.

show more ...

Add support for sensitive parameters in stubs

Declare ext/exif constants in stubs (#8680)

Initialise zend_stat_t to fix MSAN build

Fixed some spaces used instead of tabs

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as

Update http->https in license (#6945)

1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |

show more ...

Introduce pseudo-keyword ZEND_FALLTHROUGH

And use it instead of comments

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool

Replace zend_bool uses with bool

We're starting to see a mix between uses of zend_bool and bool.
Replace all usages with the standard bool type everywhere.

Of course, zend_bool is retained as an alias.

show more ...

Remove Z_PARAM separate params where they don't make sense

Separation can only possibly make sense for array parameters
(or something that can contain arrays, like zval parameters). It

Remove Z_PARAM separate params where they don't make sense

Separation can only possibly make sense for array parameters
(or something that can contain arrays, like zval parameters). It
never makes sense to separate a bool.

The deref parameters are also of dubious utility, but leaving them
for now.

show more ...

Run tidy

This should fix most of the remaining issues with tabs and spaces
being mixed in tests.

Make null byte error a ValueError

Currently we treat paths with null bytes as a TypeError, which is
incorrect, and rather inconsistent, as we treat empty paths as
ValueError. We do t

Make null byte error a ValueError

Currently we treat paths with null bytes as a TypeError, which is
incorrect, and rather inconsistent, as we treat empty paths as
ValueError. We do this because the error is generated by zpp and
it's easier to always throw TypeError there.

This changes the zpp implementation to throw a TypeError only if
the type is actually wrong and throw ValueError for null bytes.
The error message is also split accordingly, to be more precise.

Closes GH-6094.

show more ...

Promote warnings in exif

The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical a

Promote warnings in exif

The only thing that can promoted are the path-related checked.
Everything else is input dependent and error-suppressing these
functions is both the typical and the recommended usage.

show more ...

Remove some unnecessary HAVE_EXTNAME guards

A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled i

Remove some unnecessary HAVE_EXTNAME guards

A recurring pattern in old extension: Putting the whole source
code behind HAVE_EXTNAME. This is pointless, as the code is only
compiled if the extension is enabled.

This removes a couple of them, but not all.

show more ...

Merge branch 'PHP-7.4'

* PHP-7.4:
Make MAX_IFD_NESTING_LEVEL an actual nesting level

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Make MAX_IFD_NESTING_LEVEL an actual nesting level

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get

Make MAX_IFD_NESTING_LEVEL an actual nesting level

Currently we only ever increment ifd_nesting_level, so this ends up
being a limit on the total number of IFD tags and we regularly get
bug reports of it being exceeded. I think the intention behind this
limit was to prevent recursion stack overflow, and for that we only
need to check actual recursive usage. I've implemented that here,
and dropped the nesting limit down to a smaller value
(which still passes our tests).

However, it seems that we do also need to have a total limit on
the number of tags, as we don't catch some instances of infinite
looping otherwise. Add this as a separate limit with a higher
value, that should hopefully be sufficient.

This is expected to fix a number of bugs:

https://bugs.php.net/bug.php?id=78083
https://bugs.php.net/bug.php?id=78701
https://bugs.php.net/bug.php?id=79907
https://bugs.php.net/bug.php?id=80016

show more ...

Merge branch 'PHP-7.4'

* PHP-7.4:
Fix bug #75785 by attempt switching endianness on Maker's Note

Merge branch 'PHP-7.3' into PHP-7.4

* PHP-7.3:
Fix bug #75785 by attempt switching endianness on Maker's Note

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big ref

Fix bug #75785 by attempt switching endianness on Maker's Note

Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.

Closes GH-5849.

show more ...

Put debug function behind ifdef

Restore warning