php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31986 exif_read_data incorrectly calculates nesting_level, throwing warnings
Submitted: 2005-02-15 15:24 UTC Modified: 2005-02-15 22:56 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dpark at mit dot edu Assigned:
Status: Closed Package: EXIF related
PHP Version: 4CVS-2005-02-15 (stable) OS: Linux
Private report: No CVE-ID: None
 [2005-02-15 15:24 UTC] dpark at mit dot edu
Description:
------------
Related to #31797?  exif_read_data is still throwing the same warnings as in #31797 on every camera-created image I give it (for cameras both new and old, cheap and expensive).  

The Debian package in question is actually based off the 2005-02-06 4CVS snapshot, which is later than the time at which #31797 was reported to be fixed in 4CVS.  Adam Conrad, the package maintainer, confirms the bug is in PHP, and can reproduce the problem with his own camera-created images.


Quoting an email from Adam Conrad:

Danny Park said:
> Anyway, when you say the nesting limit was increased from 5 to 25, are
> you saying 4.3.10-3 reflects that increase?

Indeed, it does.  However, it seems that the way the code's written, the nesting_level increases quite rapidly, and obviously takes on a different meaning than the original developer thought it had.

As an example your 5 images all work fine with jhead(1), which has a hardcoded directory nesting limit of *5*.  However, with some debug statements thrown into PHP's exif.c, we're reaching nesting levels of:

img_0949.jpg: 53
P1000415.JPG: 54
IMG_0669.JPG: 65
DSC00804.JPG: 48
dcp00884.jpg: 38

I don't currently have the time to hunt down what upstream's doing wrong here, so I would encourage you to (re)file this bug upstream, and you're welcome to quote this whole message.

I recommend they have a look at what jhead(1) is considering "directory nesting" and mimic it, since PHP's obviously doing something a bit differently.

If it doesn't get fixed properly upstream in a relatively timely fashion, I'll make sure the next Debian packages uploaded either revert this change, or hack MAX_IFD_NESTING_LEVEL to be something ridiculously high,
like 250.  I'll test with some pro cameras lying around the house here to see just how much higher we can get before I do that.


A second email from Adam Conrad:

Woo.  An image from my EOS 300D gets the counter up to 75.  I'm just going to set it at 250 in the next upload. :)

You should still talk to upsteam about unbreaking this, as it LOOKS like they're incrementing the counter at altogether the wrong bounday.

Reproduce code:
---------------
$url  = "http://dpark.mitacf.org/pix/pics/mit04/danny/03-sly_foliage/img_0949.jpg";
print("\n\ntest img 1 - canon powershot S45\n");
$data = exif_read_data($url);
print_r($data);
$url  = "http://dpark.mitacf.org/pix/pics/mit05/janice/01-christmas/P1000415.JPG";
print("\n\ntest img 2 - panasonic DMC-FZ20\n");
$data = exif_read_data($url);
print_r($data);
$url  = "http://dpark.mitacf.org/pix/pics/mit04/fslee/08-usgl_beach_sunrise/IMG_0669.JPG";
print("\n\ntest img 3 - powershot S1 IS\n");
$data = exif_read_data($url);
print_r($data);
$url  = "http://dpark.mitacf.org/pix/pics/mit04/chking/01-ivcf_sound_closet/DSC00804.JPG";
print("\n\ntest img 4 - sony cybershot\n");
$data = exif_read_data($url);
print_r($data);
$url  = "http://dpark.mitacf.org/pix/pics/mit00/dannys_camera/08-burton5-asbestos-evac/dcp00884.jpg";
print("\n\ntest img 5 - kodak DC210\n");
$data = exif_read_data($url);
print_r($data);

Expected result:
----------------
Output of the print and print_r statements.

Actual result:
--------------
Output of the print and print_r statements interspersed with "<b>Warning</b>:  exif_read_data(imagefilename.jpg): corrupt EXIF header: maximum directory nesting level reached in <b>/path/to/script</b> on line <b>line in script</b>"

Each image produces two or three such warnings.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-15 22:56 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Dec 04 08:01:29 2024 UTC