|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Doc Bug #74239 getimagesize returns incorrect value for corrupt file.
Submitted: 2017-03-12 10:12 UTC Modified: 2017-03-17 12:12 UTC
Avg. Score:3.0 ± 2.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: akaamitgupta at gmail dot com Assigned: cmb (profile)
Status: Closed Package: GetImageSize related
PHP Version: 5.6.30 OS: Mac OSX
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
13 - 8 = ?
Subscribe to this entry?

 [2017-03-12 10:12 UTC] akaamitgupta at gmail dot com
I have wrapped an executable inside an image which has the following content -

echo 'hacked';

and saved it as filename image.gif.

Whene I use getimagesize() PHP function then it returns

array:6 [▼
  0 => 16188
  1 => 26736
  2 => 1
  3 => "width="16188" height="26736""
  "channels" => 3
  "mime" => "image/gif"

although image is not valid but still it has valid width and height.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-03-17 11:58 UTC]
-Status: Open +Status: Verified -Package: *General Issues +Package: GetImageSize related -Assigned To: +Assigned To: cmb
 [2017-03-17 11:58 UTC]
From the manual[1]:

| This function expects filename to be a valid image file. If a
| non-image file is supplied, it may be incorrectly detected as an
| image and the function will return successfully.

This notice should better be moved to a more prominent place, and be
improved. So I'm changing to doc-bug.

[1] <>
 [2017-03-17 12:12 UTC]
Automatic comment from SVN on behalf of cmb
Log: Fix #74239: getimagesize returns incorrect value for corrupt file.

We promote the respective notice to a caution, move it up, and explain
that the returned array may contain nonsense.
 [2017-03-17 12:12 UTC]
-Status: Verified +Status: Closed -Type: Bug +Type: Documentation Problem
 [2017-03-17 12:12 UTC]
This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.
 [2020-02-07 06:06 UTC]
Automatic comment on behalf of cmb
Log: Fix #74239: getimagesize returns incorrect value for corrupt file.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jul 20 16:01:29 2024 UTC