php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80016 PHP Warning: exif_thumbnail: Illegal IFD size
Submitted: 2020-08-24 19:41 UTC Modified: 2020-10-27 10:40 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: 7tonin at laposte dot net Assigned: cmb (profile)
Status: Closed Package: EXIF related
PHP Version: 7.3.21 OS: linux 5.7.14-desktop-1.mga7 x86
Private report: No CVE-ID: None
 [2020-08-24 19:41 UTC] 7tonin at laposte dot net
Description:
------------
Hi,
while trying to get EXIF thumbnail, some of my crafted pictures (Hugin, Gimp, Imagemagick, Exiftool) lead my webserver to two warnings:

PHP Warning:  exif_thumbnail(cloud.jpg): Illegal IFD size: 2 + 0x9D00*12 = 0x75C02 > 0x6D78 
PHP Warning:  exif_read_data(cloud.jpg): Illegal IFD size: 2 + 0x9D00*12 = 0x75C02 > 0x6D78

(this is the same size data for any picture)

Another bad thing is file permissions are then changed to apache:apache

Test script:
---------------
try this file (uploaded twice for free)
https://file.io/0J2TmIc9gNpR (1w expiry link)
https://file.io/XFJoy5XoQtd0

Let's call it cloud.jpg

<?php 
$stream = '/path/to/cloud.jpg' ;

if ($exif = exif_read_data($stream, 0, true)) {
    echo "$stream :<br />\n";
    foreach ($exif as $key => $section) {
        foreach ($section as $name => $val) {
            echo "$key.$name : $val<br />\n";
        }
    }
    
    $thumbnail = exif_thumbnail($stream, $width, $height, $type);
    echo "<img  width='$width' height='$height' src='data:image/gif;base64,".base64_encode($thumbnail)."'>";
}
?>


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-08-25 06:32 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2020-08-25 06:32 UTC] cmb@php.net
> try this file (uploaded twice for free)
> https://file.io/0J2TmIc9gNpR (1w expiry link)
> https://file.io/XFJoy5XoQtd0

Both links give page not found for me.  Could you please check?
 [2020-08-26 16:10 UTC] 7tonin at laposte dot net
Sorry, when file.io is used for free, there is just one download available. That's pretty short. So I will send the image to anyone asking for.

Work around, if you have got ImageMagick on the server, here is a fallback to fill $thumb_data :
$thumb_data = exif_thumbnail($image_source_filename, $width, $height, $type) ;
if ($thumb_data==false) 
{
   $return_var=null;
   $type='image/jpeg';
   
   ob_start();
   passthru('exiftool -b -thumbnailImage '.$image_source_filename, $return_var);
   $thumb_data = ob_get_contents();
   ob_end_clean(); 
}

This fallback shows ImageMagick is able to retrieve exif thumbnail.
 [2020-08-26 16:40 UTC] cmb@php.net
Could you send the image to me, please?
 [2020-08-26 17:30 UTC] 7tonin at laposte dot net
-Status: Feedback +Status: Assigned
 [2020-08-26 17:30 UTC] 7tonin at laposte dot net
I did at [2020-08-26 16:03 UTC]
 [2020-08-26 21:27 UTC] cmb@php.net
Thanks, but that mail didn't went through.  Not sure what to do.
 [2020-08-27 07:52 UTC] cmb@php.net
-Status: Assigned +Status: Verified -Assigned To: cmb +Assigned To:
 [2020-08-27 07:52 UTC] cmb@php.net
Actually, I did receive your email; maybe I just missed it
the other day.

Anyhow, with latest PHP-7.3 I don't get "Illegal IFD size"
warnings, but rather "corrupt EXIF header: maximum directory
nesting level reached" warnings.  There is a PR[1] which would fix
these.

[1] <https://github.com/php/php-src/pull/5976>
 [2020-08-27 09:01 UTC] 7tonin at laposte dot net
Nice, thank you

Minor comments
- about "Another bad thing is file permissions are then changed to apache:apache"
It's because my script run by apache tries to rebuild such thumbnails. Apologize.
- about "Work around, if you have got ImageMagick on the server, here is a fallback". Please change "$type='image/jpeg';" with
 $type=IMAGETYPE_JPEG;
 [2020-10-27 10:40 UTC] cmb@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: cmb
 [2020-10-27 10:40 UTC] cmb@php.net
That PR has been merged, so this issue should be resolved.
 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Fri Nov 27 18:01:25 2020 UTC