php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15174 JPEG SOFn marker incompletely read
Submitted: 2002-01-22 15:54 UTC Modified: 2002-03-09 11:00 UTC
From: mul at rentapacs dot com Assigned: helly (profile)
Status: Closed Package: GetImageSize related
PHP Version: 4.1.1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
46 + 15 = ?
Subscribe to this entry?

 
 [2002-01-22 15:54 UTC] mul at rentapacs dot com
In ext/standard/image.c:static struct gfxinfo *php_handle_jpeg():

After $result->channels has been read from the file, there are still $result->channels * 3 bytes left in the SOF marker. These bytes have to be read to synchronize reading of the following markers in the JPEG stream. If not, bogus markers will be decoded and SOS marker will be missed in most cases.

The following patch against 4.1.1 might take care of the problem:

--- ext/standard/image.c.orig   Sat Aug 11 19:03:37 2001
+++ ext/standard/image.c        Tue Jan 22 21:14:31 2002
@@ -323,6 +323,8 @@
        unsigned int marker;
        char tmp[2];
        unsigned char a[4];
+       unsigned short skip;
+       unsigned char *buffer;
 
        for (;;) {
                marker = php_next_marker(socketd, fp, issock);
@@ -349,6 +351,11 @@
                result->height = (((unsigned short) a[ 0 ]) << 8) + ((unsigned short) a[ 1 ]);
                result->width  = (((unsigned short) a[ 2 ]) << 8) + ((unsigned short) a[ 3 ]);
                result->channels = FP_FGETC(socketd, fp, issock);
+               /* skip component specification parameters */
+               skip = result->channels * 3;
+               buffer = emalloc(skip);
+               FP_FREAD(buffer, (long) skip, socketd, fp, issock);
+               efree(buffer);

                if (! info) /* if we don't want an extanded info -> return */
                        return result;

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-09 11:00 UTC] helly@php.net
SOFn sections have format:
LL B HH WW C C*3
L=length of section
B=bits per sample
H=height
w=width
c=channels
+3*c bytes for channel information

code will be added in next cvs version / php 4.3
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Fri May 14 15:01:25 2021 UTC