#
376bbbdf |
| 12-Aug-2020 |
Nikita Popov |
Make MAX_IFD_NESTING_LEVEL an actual nesting level Currently we only ever increment ifd_nesting_level, so this ends up being a limit on the total number of IFD tags and we regularly get
Make MAX_IFD_NESTING_LEVEL an actual nesting level Currently we only ever increment ifd_nesting_level, so this ends up being a limit on the total number of IFD tags and we regularly get bug reports of it being exceeded. I think the intention behind this limit was to prevent recursion stack overflow, and for that we only need to check actual recursive usage. I've implemented that here, and dropped the nesting limit down to a smaller value (which still passes our tests). However, it seems that we do also need to have a total limit on the number of tags, as we don't catch some instances of infinite looping otherwise. Add this as a separate limit with a higher value, that should hopefully be sufficient. This is expected to fix a number of bugs: https://bugs.php.net/bug.php?id=78083 https://bugs.php.net/bug.php?id=78701 https://bugs.php.net/bug.php?id=79907 https://bugs.php.net/bug.php?id=80016
show more ...
|
#
2fa4ca95 |
| 12-Jul-2020 |
Nawarian |
Fix bug #75785 by attempt switching endianness on Maker's Note Different manufacturer models may come with a different endianness (motorola/intel) format. In order to avoid a big ref
Fix bug #75785 by attempt switching endianness on Maker's Note Different manufacturer models may come with a different endianness (motorola/intel) format. In order to avoid a big refactor and a gigantic lookup table, this commit simply attempts to switch the endianness and proceed when values are acceptable. Closes GH-5849.
show more ...
|
#
5621c5fa |
| 13-Jun-2020 |
Christoph M. Becker |
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes Even if the length of a maker note does not match our expectations (either because the maker note is corrupted, or becaus
Fix #79687: Sony picture - PHP Warning - Make, Model, MakerNotes Even if the length of a maker note does not match our expectations (either because the maker note is corrupted, or because our expectations do not quite match reality), there is no need to let parsing fail; we can still go on parsing the other meta information.
show more ...
|
#
41f66e2a |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282
|
#
25238bdf |
| 16-Mar-2020 |
Stanislav Malyshev |
Fixed bug #79282
|
#
c14eb8de |
| 16-Dec-2019 |
Stanislav Malyshev |
Fix bug #78793
|
#
b74a300e |
| 16-Dec-2019 |
Stanislav Malyshev |
Fix build - no model field anymore
|
#
d348cfb9 |
| 16-Dec-2019 |
Stanislav Malyshev |
Fixed bug #78910
|
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12, php-7.4.0RC6, php-7.3.12RC1, php-7.2.25RC1, php-7.4.0RC5, php-7.1.33, php-7.2.24, php-7.3.11, php-7.4.0RC4 |
|
#
daf1fc6e |
| 09-Oct-2019 |
Nikita Popov |
Avoid float to int cast UB in exif
|
#
d6ca174d |
| 09-Oct-2019 |
Nikita Popov |
Remove redundant components < 0 check components is an unsigned number, it cannot be smaller than zero.
|
Revision tags: php-7.3.11RC1, php-7.2.24RC1, php-7.4.0RC3, php-7.2.23, php-7.3.10 |
|
#
f989a4cd |
| 22-Sep-2019 |
Nikita Popov |
Fix leak of temporary buffer during exif tag reading
|
#
0701835c |
| 21-Sep-2019 |
Nikita Popov |
Fix multiple leaks in exif_read_data() This fixes two leaks related to duplicate tags, as well as a leak of zero-length FMT_(S)BYTE with non-null value. This can show up for MAKERNOT
Fix multiple leaks in exif_read_data() This fixes two leaks related to duplicate tags, as well as a leak of zero-length FMT_(S)BYTE with non-null value. This can show up for MAKERNOTE values where the original length is non-zero, but the first character is a null byte.
show more ...
|
#
0fa13028 |
| 19-Sep-2019 |
Nikita Popov |
Fix out-of-bounds read in exif tag reading This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e, when the restriction that components>0 has been relaxed. We now
Fix out-of-bounds read in exif tag reading This issue was recently introduced in c739023a50876e2a90588f915803b0140a95638e, when the restriction that components>0 has been relaxed. We now need to make sure that any tags that expect at least one component check that this is the case.
show more ...
|
#
3e139a46 |
| 19-Sep-2019 |
Nikita Popov |
Fix exif leak on duplicate copyright tags
|
Revision tags: php-7.4.0RC2 |
|
#
31f617d9 |
| 12-Sep-2019 |
Christoph M. Becker |
Fix exif build As of PHP 7.3.0 the `model` field is removed.
|
#
2823e938 |
| 12-Sep-2019 |
Kalle Sommer Nielsen |
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
|
Revision tags: php-7.2.23RC1, php-7.3.10RC1, php-7.4.0RC1, php-7.1.32, php-7.2.22, php-7.3.9, php-7.4.0beta4, php-7.2.22RC1, php-7.3.9RC1, php-7.4.0beta2, php-7.1.31, php-7.2.21, php-7.3.8 |
|
#
68fd435b |
| 29-Jul-2019 |
Nikita Popov |
Fixed bug #78333 Don't dereference float/double values at unknown address, instead memcpy it into an aligned stack slot and dereference that.
|
#
d142dfc9 |
| 29-Jul-2019 |
Nikita Popov |
Fixed bug #78333 Don't dereference float/double values at unknown address, instead memcpy it into an aligned stack slot and dereference that.
|
Revision tags: php-7.4.0beta1, php-7.2.21RC1, php-7.3.8RC1, php-7.4.0alpha3 |
|
#
aeb6d131 |
| 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78256 (heap-buffer-overflow on exif_process_user_comment)
|
#
dea2989a |
| 08-Jul-2019 |
Stanislav Malyshev |
Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
|
Revision tags: php-7.3.7, php-7.2.20, php-7.4.0alpha2, php-7.3.7RC3, php-7.3.7RC2, php-7.2.20RC2, php-7.4.0alpha1, php-7.3.7RC1, php-7.2.20RC1, php-7.2.19, php-7.3.6, php-7.1.30 |
|
#
73ff4193 |
| 28-May-2019 |
Stanislav Malyshev |
Fix bug #77988 - heap-buffer-overflow on php_jpg_get16
|
Revision tags: php-7.2.19RC1, php-7.3.6RC1, php-7.1.29, php-7.2.18, php-7.3.5 |
|
#
f80ad18a |
| 30-Apr-2019 |
Stanislav Malyshev |
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG I do not completely understand what is going on there, but I am pretty sure dir_entry <= offset_base if not a
Fix bug #77950 - Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG I do not completely understand what is going on there, but I am pretty sure dir_entry <= offset_base if not a normal situation, so we better not to rely on such dir_entry.
show more ...
|
Revision tags: php-7.2.18RC1, php-7.3.5RC1, php-7.2.17, php-7.3.4, php-7.1.28 |
|
#
dc1cd3da |
| 02-Apr-2019 |
Remi Collet |
fix paste issue
|
#
01a4de5c |
| 02-Apr-2019 |
Christoph M. Becker |
Pointer arithmetic on void pointers is illegal We quick-fix this by casting to char*; it might be more appropriate to use char pointers in the first place.
|
#
887a7b57 |
| 02-Apr-2019 |
Stanislav Malyshev |
Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value in EXIF
|