|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54723 getimagesize() incorrectly identifies files as ICO which aren't
Submitted: 2011-05-12 19:12 UTC Modified: 2011-05-13 07:07 UTC
From: don at smugmug dot com Assigned: scottmac
Status: Closed Package: GetImageSize related
PHP Version: 5.3.6 OS: CentOS 5.5
Private report: No CVE-ID:
 [2011-05-12 19:12 UTC] don at smugmug dot com
When certain types of files are uploaded, including .MPGs, getimagesize() 
incorrectly identifies them as ICOs with a MIME type of 

I suspect certain files probably have embedded icons in them, which is what PHP is 
detecting and reporting, but the actual file isn't an ICO.

A ~500K sample file can be found here:

Expected result:
I'd expect FALSE to return, since this isn't a picture and isn't a valid type PHP 
knows about.

Actual result:
It returns this array:

array(0 => 45,
1 => 82,
2 => 17,
3 => 'width="45" height="82"',
'bits' = 65023,
'mime' = 'image/');


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-12 19:13 UTC] don at smugmug dot com
Grr.  Instead of "are uploaded" that should read "are passed to getimagesize()".  
Sorry about that.
 [2011-05-13 07:06 UTC]
Automatic comment from SVN on behalf of scottmac
Log: Fixed bug #54723 - getimagesize() doesn't check the full ico signature and misreports mpg files
 [2011-05-13 07:07 UTC]
-Status: Open +Status: Closed -Assigned To: +Assigned To: scottmac
 [2011-05-13 07:07 UTC]
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Tue Dec 01 21:01:34 2015 UTC