php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54723 getimagesize() incorrectly identifies files as ICO which aren't
Submitted: 2011-05-12 19:12 UTC Modified: 2011-05-13 07:07 UTC
From: don at smugmug dot com Assigned: scottmac
Status: Closed Package: GetImageSize related
PHP Version: 5.3.6 OS: CentOS 5.5
Private report: No CVE-ID:
 [2011-05-12 19:12 UTC] don at smugmug dot com
Description:
------------
When certain types of files are uploaded, including .MPGs, getimagesize() 
incorrectly identifies them as ICOs with a MIME type of 
'image/vnd.microsoft.icon'. 

I suspect certain files probably have embedded icons in them, which is what PHP is 
detecting and reporting, but the actual file isn't an ICO.

A ~500K sample file can be found here:  
http://www.smugmug.com/img/video/problem/php-getimagesize.mpg


Expected result:
----------------
I'd expect FALSE to return, since this isn't a picture and isn't a valid type PHP 
knows about.

Actual result:
--------------
It returns this array:

array(0 => 45,
1 => 82,
2 => 17,
3 => 'width="45" height="82"',
'bits' = 65023,
'mime' = 'image/vnd.microsoft.icon');

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-12 19:13 UTC] don at smugmug dot com
Grr.  Instead of "are uploaded" that should read "are passed to getimagesize()".  
Sorry about that.
 [2011-05-13 07:06 UTC] scottmac@php.net
Automatic comment from SVN on behalf of scottmac
Revision: http://svn.php.net/viewvc/?view=revision&revision=310980
Log: Fixed bug #54723 - getimagesize() doesn't check the full ico signature and misreports mpg files
 [2011-05-13 07:07 UTC] scottmac@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: scottmac
 [2011-05-13 07:07 UTC] scottmac@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Fri Apr 18 20:01:57 2014 UTC