|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #74239 getimagesize returns incorrect value for corrupt file.
Submitted: 2017-03-12 10:12 UTC Modified: 2017-03-17 12:12 UTC
Avg. Score:3.0 ± 2.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: akaamitgupta at gmail dot com Assigned: cmb (profile)
Status: Closed Package: GetImageSize related
PHP Version: 5.6.30 OS: Mac OSX
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: akaamitgupta at gmail dot com
New email:
PHP Version: OS:


 [2017-03-12 10:12 UTC] akaamitgupta at gmail dot com
I have wrapped an executable inside an image which has the following content -

echo 'hacked';

and saved it as filename image.gif.

Whene I use getimagesize() PHP function then it returns

array:6 [▼
  0 => 16188
  1 => 26736
  2 => 1
  3 => "width="16188" height="26736""
  "channels" => 3
  "mime" => "image/gif"

although image is not valid but still it has valid width and height.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-17 11:58 UTC]
-Status: Open +Status: Verified -Package: *General Issues +Package: GetImageSize related -Assigned To: +Assigned To: cmb
 [2017-03-17 11:58 UTC]
From the manual[1]:

| This function expects filename to be a valid image file. If a
| non-image file is supplied, it may be incorrectly detected as an
| image and the function will return successfully.

This notice should better be moved to a more prominent place, and be
improved. So I'm changing to doc-bug.

[1] <>
 [2017-03-17 12:12 UTC]
Automatic comment from SVN on behalf of cmb
Log: Fix #74239: getimagesize returns incorrect value for corrupt file.

We promote the respective notice to a caution, move it up, and explain
that the returned array may contain nonsense.
 [2017-03-17 12:12 UTC]
-Status: Verified +Status: Closed -Type: Bug +Type: Documentation Problem
 [2017-03-17 12:12 UTC]
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 [2020-02-07 06:06 UTC]
Automatic comment on behalf of cmb
Log: Fix #74239: getimagesize returns incorrect value for corrupt file.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 18 18:01:30 2024 UTC