diff options
Diffstat (limited to 'ext/exif/exif.c')
| -rw-r--r-- | ext/exif/exif.c | 130 |
1 files changed, 69 insertions, 61 deletions
diff --git a/ext/exif/exif.c b/ext/exif/exif.c index ec121a6c32..06e1dae41a 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -1,8 +1,8 @@ /* +----------------------------------------------------------------------+ - | PHP Version 5 | + | PHP Version 7 | +----------------------------------------------------------------------+ - | Copyright (c) 1997-2013 The PHP Group | + | Copyright (c) 1997-2014 The PHP Group | +----------------------------------------------------------------------+ | This source file is subject to version 3.01 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | @@ -166,17 +166,17 @@ ZEND_DECLARE_MODULE_GLOBALS(exif) ZEND_INI_MH(OnUpdateEncode) { - if (new_value && new_value_length) { + if (new_value && new_value->len) { const zend_encoding **return_list; size_t return_size; - if (FAILURE == zend_multibyte_parse_encoding_list(new_value, new_value_length, + if (FAILURE == zend_multibyte_parse_encoding_list(new_value->val, new_value->len, &return_list, &return_size, 0 TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Illegal encoding ignored: '%s'", new_value); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Illegal encoding ignored: '%s'", new_value->val); return FAILURE; } efree(return_list); } - return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); } ZEND_INI_MH(OnUpdateDecode) @@ -184,14 +184,14 @@ ZEND_INI_MH(OnUpdateDecode) if (new_value) { const zend_encoding **return_list; size_t return_size; - if (FAILURE == zend_multibyte_parse_encoding_list(new_value, new_value_length, + if (FAILURE == zend_multibyte_parse_encoding_list(new_value->val, new_value->len, &return_list, &return_size, 0 TSRMLS_CC)) { - php_error_docref(NULL TSRMLS_CC, E_WARNING, "Illegal encoding ignored: '%s'", new_value); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Illegal encoding ignored: '%s'", new_value->val); return FAILURE; } efree(return_list); } - return OnUpdateString(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); + return OnUpdateString(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC); } PHP_INI_BEGIN() @@ -222,7 +222,7 @@ static PHP_GINIT_FUNCTION(exif) PHP_MINIT_FUNCTION(exif) { REGISTER_INI_ENTRIES(); - if (zend_hash_exists(&module_registry, "mbstring", sizeof("mbstring"))) { + if (zend_hash_str_exists(&module_registry, "mbstring", sizeof("mbstring")-1)) { REGISTER_LONG_CONSTANT("EXIF_USE_MBSTRING", 1, CONST_CS | CONST_PERSISTENT); } else { REGISTER_LONG_CONSTANT("EXIF_USE_MBSTRING", 0, CONST_CS | CONST_PERSISTENT); @@ -1941,17 +1941,16 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im #endif image_info_value *info_value; image_info_data *info_data; - zval *tmpi, *array = NULL; + zval tmpi, array; #ifdef EXIF_DEBUG /* php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Adding %d infos from section %s", image_info->info_list[section_index].count, exif_get_sectionname(section_index));*/ #endif if (image_info->info_list[section_index].count) { if (sub_array) { - MAKE_STD_ZVAL(tmpi); - array_init(tmpi); + array_init(&tmpi); } else { - tmpi = value; + ZVAL_COPY_VALUE(&tmpi, value); } for(i=0; i<image_info->info_list[section_index].count; i++) { @@ -1968,7 +1967,7 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im /* php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Adding infos: tag(0x%04X,%12s,L=0x%04X): %s", info_tag, exif_get_tagname(info_tag, buffer, -12, exif_get_tag_table(section_index) TSRMLS_CC), info_data->length, info_data->format==TAG_FMT_STRING?(info_value&&info_value->s?info_value->s:"<no data>"):exif_get_tagformat(info_data->format));*/ #endif if (info_data->length==0) { - add_assoc_null(tmpi, name); + add_assoc_null(&tmpi, name); } else { switch (info_data->format) { default: @@ -1981,9 +1980,9 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im case TAG_FMT_SBYTE: case TAG_FMT_UNDEFINED: if (!info_value->s) { - add_assoc_stringl(tmpi, name, "", 0, 1); + add_assoc_stringl(&tmpi, name, "", 0); } else { - add_assoc_stringl(tmpi, name, info_value->s, info_data->length, 1); + add_assoc_stringl(&tmpi, name, info_value->s, info_data->length); } break; @@ -1992,9 +1991,9 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im val = ""; } if (section_index==SECTION_COMMENT) { - add_index_string(tmpi, idx++, val, 1); + add_index_string(&tmpi, idx++, val); } else { - add_assoc_string(tmpi, name, val, 1); + add_assoc_string(&tmpi, name, val); } break; @@ -2010,9 +2009,7 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im case TAG_FMT_SLONG: /* now the rest, first see if it becomes an array */ if ((l = info_data->length) > 1) { - array = NULL; - MAKE_STD_ZVAL(array); - array_init(array); + array_init(&array); } for(ap=0; ap<l; ap++) { if (l>1) { @@ -2023,25 +2020,25 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im if (l>1) { info_value = &info_data->value; for (b=0;b<l;b++) { - add_index_long(array, b, (int)(info_value->s[b])); + add_index_long(&array, b, (int)(info_value->s[b])); } break; } case TAG_FMT_USHORT: case TAG_FMT_ULONG: if (l==1) { - add_assoc_long(tmpi, name, (int)info_value->u); + add_assoc_long(&tmpi, name, (int)info_value->u); } else { - add_index_long(array, ap, (int)info_value->u); + add_index_long(&array, ap, (int)info_value->u); } break; case TAG_FMT_URATIONAL: snprintf(buffer, sizeof(buffer), "%i/%i", info_value->ur.num, info_value->ur.den); if (l==1) { - add_assoc_string(tmpi, name, buffer, 1); + add_assoc_string(&tmpi, name, buffer); } else { - add_index_string(array, ap, buffer, 1); + add_index_string(&array, ap, buffer); } break; @@ -2049,55 +2046,55 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im if (l>1) { info_value = &info_data->value; for (b=0;b<l;b++) { - add_index_long(array, ap, (int)info_value->s[b]); + add_index_long(&array, ap, (int)info_value->s[b]); } break; } case TAG_FMT_SSHORT: case TAG_FMT_SLONG: if (l==1) { - add_assoc_long(tmpi, name, info_value->i); + add_assoc_long(&tmpi, name, info_value->i); } else { - add_index_long(array, ap, info_value->i); + add_index_long(&array, ap, info_value->i); } break; case TAG_FMT_SRATIONAL: snprintf(buffer, sizeof(buffer), "%i/%i", info_value->sr.num, info_value->sr.den); if (l==1) { - add_assoc_string(tmpi, name, buffer, 1); + add_assoc_string(&tmpi, name, buffer); } else { - add_index_string(array, ap, buffer, 1); + add_index_string(&array, ap, buffer); } break; case TAG_FMT_SINGLE: if (l==1) { - add_assoc_double(tmpi, name, info_value->f); + add_assoc_double(&tmpi, name, info_value->f); } else { - add_index_double(array, ap, info_value->f); + add_index_double(&array, ap, info_value->f); } break; case TAG_FMT_DOUBLE: if (l==1) { - add_assoc_double(tmpi, name, info_value->d); + add_assoc_double(&tmpi, name, info_value->d); } else { - add_index_double(array, ap, info_value->d); + add_index_double(&array, ap, info_value->d); } break; } info_value = &info_data->value.list[ap]; } if (l>1) { - add_assoc_zval(tmpi, name, array); + add_assoc_zval(&tmpi, name, &array); } break; } } } if (sub_array) { - add_assoc_zval(value, exif_get_sectionname(section_index), tmpi); + add_assoc_zval(value, exif_get_sectionname(section_index), &tmpi); } } } @@ -2337,7 +2334,7 @@ static char * exif_get_markername(int marker) Get headername for index or false if not defined */ PHP_FUNCTION(exif_tagname) { - long tag; + zend_long tag; char *szTemp; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &tag) == FAILURE) { @@ -2350,7 +2347,7 @@ PHP_FUNCTION(exif_tagname) RETURN_FALSE; } - RETURN_STRING(szTemp, 1) + RETURN_STRING(szTemp) } /* }}} */ @@ -2416,11 +2413,11 @@ static void* exif_ifd_make_value(image_info_data *info_data, int motorola_intel data_ptr += 8; break; case TAG_FMT_SINGLE: - memmove(data_ptr, &info_data->value.f, byte_count); + memmove(data_ptr, &info_value->f, 4); data_ptr += 4; break; case TAG_FMT_DOUBLE: - memmove(data_ptr, &info_data->value.d, byte_count); + memmove(data_ptr, &info_value->d, 8); data_ptr += 8; break; } @@ -2633,6 +2630,7 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP } else { decode = ImageInfo->decode_unicode_le; } + /* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX */ if (zend_multibyte_encoding_converter( (unsigned char**)pszInfoPtr, &len, @@ -2640,7 +2638,7 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP ByteCount, zend_multibyte_fetch_encoding(ImageInfo->encode_unicode TSRMLS_CC), zend_multibyte_fetch_encoding(decode TSRMLS_CC) - TSRMLS_CC) < 0) { + TSRMLS_CC) == (size_t)-1) { len = exif_process_string_raw(pszInfoPtr, szValuePtr, ByteCount); } return len; @@ -2653,6 +2651,7 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP *pszEncoding = estrdup((const char*)szValuePtr); szValuePtr = szValuePtr+8; ByteCount -= 8; + /* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX */ if (zend_multibyte_encoding_converter( (unsigned char**)pszInfoPtr, &len, @@ -2660,7 +2659,7 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP ByteCount, zend_multibyte_fetch_encoding(ImageInfo->encode_jis TSRMLS_CC), zend_multibyte_fetch_encoding(ImageInfo->motorola_intel ? ImageInfo->decode_jis_be : ImageInfo->decode_jis_le TSRMLS_CC) - TSRMLS_CC) < 0) { + TSRMLS_CC) == (size_t)-1) { len = exif_process_string_raw(pszInfoPtr, szValuePtr, ByteCount); } return len; @@ -2690,8 +2689,8 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC) { xp_field->tag = tag; - - /* Copy the comment */ + + /* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX */ if (zend_multibyte_encoding_converter( (unsigned char**)&xp_field->value, &xp_field->size, @@ -2699,7 +2698,7 @@ static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_fi ByteCount, zend_multibyte_fetch_encoding(ImageInfo->encode_unicode TSRMLS_CC), zend_multibyte_fetch_encoding(ImageInfo->motorola_intel ? ImageInfo->decode_unicode_be : ImageInfo->decode_unicode_le TSRMLS_CC) - TSRMLS_CC) < 0) { + TSRMLS_CC) == (size_t)-1) { xp_field->size = exif_process_string_raw(&xp_field->value, szValuePtr, ByteCount); } return xp_field->size; @@ -2840,7 +2839,12 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel); /* If its bigger than 4 bytes, the dir entry contains an offset. */ value_ptr = offset_base+offset_val; - if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry) { + /* + dir_entry is ImageInfo->file.list[sn].data+2+i*12 + offset_base is ImageInfo->file.list[sn].data-dir_offset + dir_entry - offset_base is dir_offset+2+i*12 + */ + if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base)) { /* It is important to check for IMAGE_FILETYPE_TIFF * JPEG does not use absolute pointers instead its pointers are * relative to the start of the TIFF header in APP1 section. */ @@ -3843,8 +3847,9 @@ static int exif_discard_imageinfo(image_info_type *ImageInfo) static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_thumbnail, int read_all TSRMLS_DC) { int ret; - struct stat st; - + zend_stat_t st; + zend_string *base; + /* Start with an empty image information structure. */ memset(ImageInfo, 0, sizeof(*ImageInfo)); @@ -3877,17 +3882,19 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t } } - php_basename(FileName, strlen(FileName), NULL, 0, &(ImageInfo->FileName), NULL TSRMLS_CC); + base = php_basename(FileName, strlen(FileName), NULL, 0 TSRMLS_CC); + ImageInfo->FileName = estrndup(base->val, base->len); + zend_string_release(base); ImageInfo->read_thumbnail = read_thumbnail; ImageInfo->read_all = read_all; ImageInfo->Thumbnail.filetype = IMAGE_FILETYPE_UNKNOWN; - ImageInfo->encode_unicode = safe_estrdup(EXIF_G(encode_unicode)); - ImageInfo->decode_unicode_be = safe_estrdup(EXIF_G(decode_unicode_be)); - ImageInfo->decode_unicode_le = safe_estrdup(EXIF_G(decode_unicode_le)); - ImageInfo->encode_jis = safe_estrdup(EXIF_G(encode_jis)); - ImageInfo->decode_jis_be = safe_estrdup(EXIF_G(decode_jis_be)); - ImageInfo->decode_jis_le = safe_estrdup(EXIF_G(decode_jis_le)); + ImageInfo->encode_unicode = estrdup(EXIF_G(encode_unicode)); + ImageInfo->decode_unicode_be = estrdup(EXIF_G(decode_unicode_be)); + ImageInfo->decode_unicode_le = estrdup(EXIF_G(decode_unicode_le)); + ImageInfo->encode_jis = estrdup(EXIF_G(encode_jis)); + ImageInfo->decode_jis_be = estrdup(EXIF_G(decode_jis_be)); + ImageInfo->decode_jis_le = estrdup(EXIF_G(decode_jis_le)); ImageInfo->ifd_nesting_level = 0; @@ -3905,7 +3912,7 @@ static int exif_read_file(image_info_type *ImageInfo, char *FileName, int read_t PHP_FUNCTION(exif_read_data) { char *p_name, *p_sections_needed = NULL; - int p_name_len, p_sections_needed_len = 0; + size_t p_name_len, p_sections_needed_len = 0; zend_bool sub_arrays=0, read_thumbnail=0, read_all=0; int i, ret, sections_needed=0; @@ -4084,7 +4091,8 @@ PHP_FUNCTION(exif_thumbnail) { zval *p_width = 0, *p_height = 0, *p_imagetype = 0; char *p_name; - int p_name_len, ret, arg_c = ZEND_NUM_ARGS(); + size_t p_name_len; + int ret, arg_c = ZEND_NUM_ARGS(); image_info_type ImageInfo; memset(&ImageInfo, 0, sizeof(ImageInfo)); @@ -4115,7 +4123,7 @@ PHP_FUNCTION(exif_thumbnail) exif_error_docref(NULL EXIFERR_CC, &ImageInfo, E_NOTICE, "Returning thumbnail(%d)", ImageInfo.Thumbnail.size); #endif - ZVAL_STRINGL(return_value, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size, 1); + ZVAL_STRINGL(return_value, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size); if (arg_c >= 3) { if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) { exif_scan_thumbnail(&ImageInfo TSRMLS_CC); @@ -4147,7 +4155,7 @@ PHP_FUNCTION(exif_thumbnail) PHP_FUNCTION(exif_imagetype) { char *imagefile; - int imagefile_len; + size_t imagefile_len; php_stream * stream; int itype = 0; |