|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31986 exif_read_data incorrectly calculates nesting_level, throwing warnings
Submitted: 2005-02-15 15:24 UTC Modified: 2005-02-15 22:56 UTC
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: dpark at mit dot edu Assigned:
Status: Closed Package: EXIF related
PHP Version: 4CVS-2005-02-15 (stable) OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: dpark at mit dot edu
New email:
PHP Version: OS:


 [2005-02-15 15:24 UTC] dpark at mit dot edu
Related to #31797?  exif_read_data is still throwing the same warnings as in #31797 on every camera-created image I give it (for cameras both new and old, cheap and expensive).  

The Debian package in question is actually based off the 2005-02-06 4CVS snapshot, which is later than the time at which #31797 was reported to be fixed in 4CVS.  Adam Conrad, the package maintainer, confirms the bug is in PHP, and can reproduce the problem with his own camera-created images.

Quoting an email from Adam Conrad:

Danny Park said:
> Anyway, when you say the nesting limit was increased from 5 to 25, are
> you saying 4.3.10-3 reflects that increase?

Indeed, it does.  However, it seems that the way the code's written, the nesting_level increases quite rapidly, and obviously takes on a different meaning than the original developer thought it had.

As an example your 5 images all work fine with jhead(1), which has a hardcoded directory nesting limit of *5*.  However, with some debug statements thrown into PHP's exif.c, we're reaching nesting levels of:

img_0949.jpg: 53
P1000415.JPG: 54
IMG_0669.JPG: 65
DSC00804.JPG: 48
dcp00884.jpg: 38

I don't currently have the time to hunt down what upstream's doing wrong here, so I would encourage you to (re)file this bug upstream, and you're welcome to quote this whole message.

I recommend they have a look at what jhead(1) is considering "directory nesting" and mimic it, since PHP's obviously doing something a bit differently.

If it doesn't get fixed properly upstream in a relatively timely fashion, I'll make sure the next Debian packages uploaded either revert this change, or hack MAX_IFD_NESTING_LEVEL to be something ridiculously high,
like 250.  I'll test with some pro cameras lying around the house here to see just how much higher we can get before I do that.

A second email from Adam Conrad:

Woo.  An image from my EOS 300D gets the counter up to 75.  I'm just going to set it at 250 in the next upload. :)

You should still talk to upsteam about unbreaking this, as it LOOKS like they're incrementing the counter at altogether the wrong bounday.

Reproduce code:
$url  = "";
print("\n\ntest img 1 - canon powershot S45\n");
$data = exif_read_data($url);
$url  = "";
print("\n\ntest img 2 - panasonic DMC-FZ20\n");
$data = exif_read_data($url);
$url  = "";
print("\n\ntest img 3 - powershot S1 IS\n");
$data = exif_read_data($url);
$url  = "";
print("\n\ntest img 4 - sony cybershot\n");
$data = exif_read_data($url);
$url  = "";
print("\n\ntest img 5 - kodak DC210\n");
$data = exif_read_data($url);

Expected result:
Output of the print and print_r statements.

Actual result:
Output of the print and print_r statements interspersed with "<b>Warning</b>:  exif_read_data(imagefilename.jpg): corrupt EXIF header: maximum directory nesting level reached in <b>/path/to/script</b> on line <b>line in script</b>"

Each image produces two or three such warnings.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-15 22:56 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Oct 02 12:01:25 2023 UTC