PHP :: Bug #15174 :: JPEG SOFn marker incompletely read

Bug #15174	JPEG SOFn marker incompletely read
Submitted:	2002-01-22 15:54 UTC	Modified:	2002-03-09 11:00 UTC
From:	mul at rentapacs dot com	Assigned:	helly (profile)
Status:	Closed	Package:	GetImageSize related
PHP Version:	4.1.1	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem: 8 + 46 = ?
Subscribe to this entry?

[2002-01-22 15:54 UTC] mul at rentapacs dot com

In ext/standard/image.c:static struct gfxinfo *php_handle_jpeg():

After $result->channels has been read from the file, there are still $result->channels * 3 bytes left in the SOF marker. These bytes have to be read to synchronize reading of the following markers in the JPEG stream. If not, bogus markers will be decoded and SOS marker will be missed in most cases.

The following patch against 4.1.1 might take care of the problem:

--- ext/standard/image.c.orig   Sat Aug 11 19:03:37 2001
+++ ext/standard/image.c        Tue Jan 22 21:14:31 2002
@@ -323,6 +323,8 @@
        unsigned int marker;
        char tmp[2];
        unsigned char a[4];
+       unsigned short skip;
+       unsigned char *buffer;
 
        for (;;) {
                marker = php_next_marker(socketd, fp, issock);
@@ -349,6 +351,11 @@
                result->height = (((unsigned short) a[ 0 ]) << 8) + ((unsigned short) a[ 1 ]);
                result->width  = (((unsigned short) a[ 2 ]) << 8) + ((unsigned short) a[ 3 ]);
                result->channels = FP_FGETC(socketd, fp, issock);
+               /* skip component specification parameters */
+               skip = result->channels * 3;
+               buffer = emalloc(skip);
+               FP_FREAD(buffer, (long) skip, socketd, fp, issock);
+               efree(buffer);

                if (! info) /* if we don't want an extanded info -> return */
                        return result;

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-09 11:00 UTC] helly@php.net

SOFn sections have format:
LL B HH WW C C*3
L=length of section
B=bits per sample
H=height
w=width
c=channels
+3*c bytes for channel information

code will be added in next cvs version / php 4.3

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 03:01:32 2024 UTC