php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #40073 exif_read_data dies on certain images
Submitted: 2007-01-09 11:07 UTC Modified: 2007-01-09 17:55 UTC
From: camka at email dot ee Assigned: helly
Status: Closed Package: EXIF related
PHP Version: 5.2.1RC2 OS: *
Private report: No CVE-ID:
 [2007-01-09 11:07 UTC] camka at email dot ee
Description:
------------
PHP dies on certain files format while reading exif data with exif_read_date because of some maximum directory nesting level reached. The function should return FALSE and let the program flow further. Otherwice misformated image processing may kill script and break the program logic.

Even if i suppress warnings with @ sign, i still cannot manage to let the program go further after unsuccessfull reading exif data.

broken file:
http://www.hot.ee/camka/orig.phpJCN9Ir.jpg

Tried with 5.1.6, 5.2.0 and latest snapshot of 5.2.1.

P.S. All editors successfully show EXIF data for current file, so maybe it's not misformatted exif data but exif extension cannot process some newer exif formats?

Reproduce code:
---------------
<?
$z = exif_read_data('orig.phpJCN9Ir.jpg', 'FILE,COMPUTED,IFD0,EXIF', true, false);
var_dump($z);


Expected result:
----------------
[...Errors (see below)...]
FALSE

Actual result:
--------------
$ php exif.php
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Illegal IFD size: x04F6 + 2 + xFFF1*12 = xC0442 > x16BF in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal format code 0x0020, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal pointer offset(x10F0000 + x10A0000 = x2190000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal format code 0x0014, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal pointer offset(x1100000 + x12A0000 = x23A0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal format code 0x0011, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal pointer offset(x1120000 + x13E0000 = x2500000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0003=UndefinedTa): Illegal pointer offset(x11AFF1A + x10000 = x11BFF1A > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0005=UndefinedTa): Illegal pointer offset(x11B0000 + x14F0000 = x26A0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0005=UndefinedTa): Illegal pointer offset(x1280000 + x1570000 = x27F0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0003=UndefinedTa): Illegal pointer offset(x131FF97 + x20000 = x133FF97 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal pointer offset(x1320000 + x57C0000 = x6AE0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal format code 0x0014, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0002=UndefinedTa): Illegal pointer offset(x2130000 + x1680000 = x37B0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0003=UndefinedTa): Illegal pointer offset(xA401FF9C + x20000 = xA403FF9C > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0005=UndefinedTa): Illegal pointer offset(xA4060000 + x17C0000 = xA5820000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0003=UndefinedTa): Illegal pointer offset(xA408FF9F + x10000 = xA409FF9F > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0007=UndefinedTa): Illegal format code 0x0104, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0007=UndefinedTa): Illegal pointer offset(x87690000 + x1840000 = x88ED0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0004=UndefinedTa): Illegal pointer offset(x7C70000 + x2880000 = xA4F0000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x4C4F, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x49442053 + x55504D59 = x9E946DAC > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x4947=UndefinedTa): Illegal format code 0x4154, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x4947=UndefinedTa): Illegal pointer offset(x4152454D + x4143204C = x82956599 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x2020=UndefinedTa): Illegal format code 0x2020, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x2020=UndefinedTa): Illegal pointer offset(x4C4F0020 + x20202020 = x6C6F2040 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x4D59=UndefinedTa): Illegal format code 0x5550, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x4D59=UndefinedTa): Illegal pointer offset(x524F5052 + x4F432053 = xA19270A5 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x5441=UndefinedTa): Illegal format code 0x4F49, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x5441=UndefinedTa): Illegal pointer offset(x442C3035 + x3358004E = x77843083 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3735=UndefinedTa): Illegal format code 0x5A35, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3735=UndefinedTa): Illegal pointer offset(x48005A30 + x3633432C = x7E339D5C > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0100, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x1000000 + x48000000 = x49000000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x7600, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x36372D + x75383537 = x756E6C64 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3032=UndefinedTa): Illegal format code 0x3530, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3032=UndefinedTa): Illegal pointer offset(x31203531 + x3A37303A = x6B57656B > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3A32=UndefinedTa): Illegal format code 0x3134, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3A32=UndefinedTa): Illegal pointer offset(x0000 < x8278E48) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0064=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0064=UndefinedTa): Illegal pointer offset(x4D4974 + x6E697250 = x6EB6BBC4 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3230=UndefinedTa): Illegal format code 0x3035, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x3230=UndefinedTa): Illegal pointer offset(x140001 + x140000 = x280001 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0100, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0102, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x830103 + x0083 = x830186 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0104, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x830105 + x0083 = x830188 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0106, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x80800107 + x0083 = x8080018A > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0080=UndefinedTa): Illegal format code 0x0110, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x2710=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0597=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x2710=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x025E=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x2710=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x1BE5=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x0000, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0005=UndefinedTa): Illegal pointer offset(x829D0000 + x3B80000 = x86550000 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0018=UndefinedTa): Illegal format code 0x829A, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0018=UndefinedTa): Illegal pointer offset(x3AA0000 + x10005 = x3AB0005 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x829D, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal pointer offset(x3B20000 + x10005 = x3B30005 > x16BF) in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): Process tag(x0000=UndefinedTa): Illegal format code 0x8822, suppose BYTE in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): corrupt EXIF header: maximum directory nesting level reached in exif.php on line 2
PHP Warning:  exif_read_data(orig.phpJCN9Ir.jpg): corrupt EXIF header: maximum directory nesting level reached in exif.php on line 2
Segmentation fault


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-01-09 11:44 UTC] tony2001@php.net
Marcus, I've fixed the segfault, but the result EXIF data is still b0rked, please see if we can do anything about it.
 [2007-01-09 14:40 UTC] iliaa@php.net
According to a few exif tools this image is either invalid or 
has corrupted exif information. 
 [2007-01-09 17:50 UTC] helly@php.net
It is broken, still the server should not crash. Fix is coming.
 [2007-01-09 17:52 UTC] helly@php.net
Fixed in head
 [2007-01-09 17:55 UTC] helly@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 13:02:15 2014 UTC