php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13213 Unknown image format
Submitted: 2001-09-08 15:07 UTC Modified: 2003-12-15 17:04 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: pulstar at mail dot com Assigned: helly (profile)
Status: Closed Package: GetImageSize related
PHP Version: 4.1.1 OS: Linux RedHat 7.1
Private report: No CVE-ID: None
 [2001-09-08 15:07 UTC] pulstar at mail dot com
GetImageSize() don't recognize the JPG image format generated by a software called Arles Image Web Page Creator. I make a test script, that you can see at the address below. There have also links to sample images, etc. 

http://www.dr-micro.net/files/gis.php

The browser display the images normally. This program website is at http://www.digitaldutch.com

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-07 08:49 UTC] lobbin@php.net
I get a 404 not found on this url.
 [2002-01-07 10:17 UTC] pulstar at mail dot com
ID: 13213
Updated by: lobbin

I get a 404 not found on this url.

http://www.dr-micro.net/files/gis.php

Sorry. I sent this script to the server months ago and somebody removed it from there... Please try again.

 [2002-01-11 17:09 UTC] lobbin@php.net
I experience the same on 4.1.1
 [2002-01-22 13:15 UTC] mul at rentapacs dot com
Offending images contain COM marker with length parameter two bytes short. This breaks further decoding of JPEG header - GetImageSize() cannot return useful information.
 [2002-01-22 16:34 UTC] mul at rentapacs dot com
Solution: Read additional bytes to resync on the marker sequence. If marker length is too short, nothing is lost. If too long, one marker will be missing. Besides that APPn in $info array will contain consistent entries and no bogus markers. Uhm, ... and if the JPEG format follows the spec and contains correct marker lengths, it will work also ;-)

This patch against 4.1.1 might do the trick:
--- ext/standard/image.c.orig   Sat Aug 11 19:03:37 2001
+++ ext/standard/image.c        Tue Jan 22 22:10:42 2002
@@ -253,12 +253,20 @@
 
 /* {{{ php_next_marker
  */
-static unsigned int php_next_marker(int socketd, FILE *fp, int issock)
+static unsigned int php_next_marker(int socketd, FILE *fp, int issock, int isfirst)
         /* get next marker byte from file */
 {
        int c;
 
-       /* get marker byte, swallowing possible padding */
+       if (!isfirst) {
+               /* swallow bytes resulting from short marker length */
+               do {
+                       if ((c = FP_FGETC(socketd, fp, issock)) == EOF)
+                               return M_EOI;       /* we hit EOF */
+               } while (c != 0xff);
+       }
+
+       /* get marker byte, swallowing possible 0xff padding */
        do {
                if ((c = FP_FGETC(socketd, fp, issock)) == EOF)
                        return M_EOI;           /* we hit EOF */
@@ -320,12 +328,14 @@
 static struct gfxinfo *php_handle_jpeg (int socketd, FILE *fp, int issock, pval *info)
 {
        struct gfxinfo *result = NULL;
+       int isfirst = 1;        /* First marker after JPEG sig 'FF D8 FF' */
        unsigned int marker;
        char tmp[2];
        unsigned char a[4];
 
        for (;;) {
-               marker = php_next_marker(socketd, fp, issock);
+               marker = php_next_marker(socketd, fp, issock, isfirst);
+               isfirst = 0;
                switch (marker) {
                        case M_SOF0:
                        case M_SOF1:
 [2002-03-08 11:44 UTC] helly@php.net
The current CVS implementation has been improoved on that.
As you can see from exif's debug warnings. photo1 and photo3 are illegal. An internal section says it is longer than the file :-(

I could implement handling that but it would blow up code.
I will consider the applied patch...

photo1.jpg 
GetImageSize [ , , , ] 
exif_read_data exif_read_data returned false
Invalid JPEG/TIFF file: 'photo1.jpg' 
21 
PHP Warning: error reading from file: got=x3648(=13896) != itemlen-2=x4EE1(=20193)

photo2.jpg 
GetImageSize [ 640, 480, 2, width="640" height="480" ] 
exif_read_data exif_read_data returned false
O.K. 
22 

photo3.jpg 
GetImageSize [ , , , ] 
exif_read_data exif_read_data returned false
Invalid JPEG/TIFF file: 'photo3.jpg' 
23 
PHP Warning: error reading from file: got=x1E3D(=7741) != itemlen-2=xF698(=63128)

photo4.jpg 
GetImageSize [ 640, 480, 2, width="640" height="480" ] 
exif_read_data exif_read_data returned false
O.K. 

 [2002-03-09 11:04 UTC] helly@php.net
Took a closer look on the file.
The promlem is that both photo1 and photo3 have an illegal comment section. The section is appended by some 0x00 where 0xFF were expected. As other software ignores the NULLs i will add this to CVS / php4.3 version.
 [2002-03-10 07:15 UTC] janderk at digitaldutch dot com
I'm the main developer of Arles Image Web Page Creator, the application that generated those JPEG's with the illegal comment section. I got an email about this PHP BUG report from a user asking me to repair this Arles bug.

FYI: It was a bug in an older versions of Arles and has been repaired in the latest releases. It was actually caused by a bug in the Intel JPEG library we used at that time.

I'm glad that we could help making PHP more robust in reading corrupted images ;)
 [2003-12-15 17:04 UTC] helly@php.net
Also see: Bug #25905 getimagesize fail with some jpegs 
 [2004-02-01 16:05 UTC] lee at klres dot com
How do I repair a jpg file with uknown format? Burned from memory tsick to CD, but now can't open any of them.
 [2004-02-01 16:06 UTC] lee at klres dot com
How do I repair a jpg file with uknown format? Burned from memory tsick to CD, but now can't open any of them.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 13 04:01:26 2024 UTC