php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #69706 getimagesize() can fail if the underlying stream doensn't support seeking
Submitted: 2015-05-25 18:29 UTC Modified: 2020-04-02 11:25 UTC
Votes:11
Avg. Score:4.4 ± 0.9
Reproduced:9 of 9 (100.0%)
Same Version:4 (44.4%)
Same OS:2 (22.2%)
From: deviantintegral at gmail dot com Assigned: cmb (profile)
Status: Feedback Package: GetImageSize related
PHP Version: 5.6.9 OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: deviantintegral at gmail dot com
New email:
PHP Version: OS:

 

 [2015-05-25 18:29 UTC] deviantintegral at gmail dot com
Description:
------------
I've verified this is an issue on PHP 5.4, 5.6, and statically on the master branch.

The AWS SDK (https://aws.amazon.com/sdk-for-php/) includes a stream wrapper that by default does not support seeking on files backed by S3. Calling getimagesize() on an image can fail if php_skip_variable() is called. I've seen this happen with images that specify the "Image Quality" EXIF tag, which is the M_APP15 constant in ext/standard/image.c.

The stream documentation states that seeking is not required to be supported by stream wrappers, and it's not clear that getimagesize() needs seeking to work properly.

I see two ways to improve this:

* Log a notice if php_skip_variable() tries to seek on an unseekable stream. That would have saved me a ton of time tracing this with GDB.
* Or, if a stream is not seekable, copy the file to the temporary file system and fetch metadata from there. 


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-04-02 11:25 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-04-02 11:25 UTC] cmb@php.net
For SEEK_CUR and positive offsets, non-seekable streams are
supposed to be read (discarding what was written).  So if you can
still reproduce this issue with any of the actively supported PHP
versions[1], please provide a minimal self-contained reproduce
script.

[1] <https://www.php.net/supported-versions.php>
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Apr 06 11:01:25 2020 UTC