Merge branch 'PHP-5.5'

m6w6 · m6w6 · commit cfd911473bb6 · 2013-10-21T22:16:21.000+02:00
* PHP-5.5: add tests for bug #62523 Merged PR #293 (Exif crash on unknown encoding was fixed) By: Draal Conflicts: configure.in main/php_version.h
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
@@ -2633,14 +2633,15 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP
 			} else {
 				decode = ImageInfo->decode_unicode_le;
 			}
+			/* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX   */
 			if (zend_multibyte_encoding_converter(
 					(unsigned char**)pszInfoPtr, 
 					&len, 
 					(unsigned char*)szValuePtr,
 					ByteCount,
 					zend_multibyte_fetch_encoding(ImageInfo->encode_unicode TSRMLS_CC),
 					zend_multibyte_fetch_encoding(decode TSRMLS_CC)
-					TSRMLS_CC) < 0) {
+					TSRMLS_CC) == (size_t)-1) {
 				len = exif_process_string_raw(pszInfoPtr, szValuePtr, ByteCount);
 			}
 			return len;
@@ -2653,14 +2654,15 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP
 			*pszEncoding = estrdup((const char*)szValuePtr);
 			szValuePtr = szValuePtr+8;
 			ByteCount -= 8;
+			/* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX   */
 			if (zend_multibyte_encoding_converter(
 					(unsigned char**)pszInfoPtr, 
 					&len, 
 					(unsigned char*)szValuePtr,
 					ByteCount,
 					zend_multibyte_fetch_encoding(ImageInfo->encode_jis TSRMLS_CC),
 					zend_multibyte_fetch_encoding(ImageInfo->motorola_intel ? ImageInfo->decode_jis_be : ImageInfo->decode_jis_le TSRMLS_CC)
-					TSRMLS_CC) < 0) {
+					TSRMLS_CC) == (size_t)-1) {
 				len = exif_process_string_raw(pszInfoPtr, szValuePtr, ByteCount);
 			}
 			return len;
@@ -2690,16 +2692,16 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP
 static int exif_process_unicode(image_info_type *ImageInfo, xp_field_type *xp_field, int tag, char *szValuePtr, int ByteCount TSRMLS_DC)
 {
 	xp_field->tag = tag;	
-
-	/* Copy the comment */
+	
+	/* XXX this will fail again if encoding_converter returns on error something different than SIZE_MAX   */
 	if (zend_multibyte_encoding_converter(
 			(unsigned char**)&xp_field->value, 
 			&xp_field->size, 
 			(unsigned char*)szValuePtr,
 			ByteCount,
 			zend_multibyte_fetch_encoding(ImageInfo->encode_unicode TSRMLS_CC),
 			zend_multibyte_fetch_encoding(ImageInfo->motorola_intel ? ImageInfo->decode_unicode_be : ImageInfo->decode_unicode_le TSRMLS_CC)
-			TSRMLS_CC) < 0) {
+			TSRMLS_CC) == (size_t)-1) {
 		xp_field->size = exif_process_string_raw(&xp_field->value, szValuePtr, ByteCount);
 	}
 	return xp_field->size;
diff --git a/ext/exif/tests/bug62523_1.jpg b/ext/exif/tests/bug62523_1.jpg
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>301 Moved Permanently</title>
+</head><body>
+<h1>Moved Permanently</h1>
+<p>The document has moved <a href="http://www.getid3.org/temp/62523.jpg">here</a>.</p>
+<hr>
+<address>Apache Server at getid3.org Port 80</address>
+</body></html>
diff --git a/ext/exif/tests/bug62523_1.phpt b/ext/exif/tests/bug62523_1.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug 62523 (php crashes with segfault when exif_read_data called)
+--SKIPIF--
+<?php
+extension_loaded("exif") or die("skip need exif");
+?>
+--FILE--
+<?php
+echo "Test\n";
+var_dump(count(exif_read_data(__DIR__."/bug62523_1.jpg")));
+?>
+Done
+--EXPECTF--
+Test
+
+Warning: exif_read_data(bug62523_1.jpg): File not supported in %sbug62523_1.php on line %d
+int(1)
+Done
diff --git a/ext/exif/tests/bug62523_2.jpg b/ext/exif/tests/bug62523_2.jpg
diff --git a/ext/exif/tests/bug62523_2.phpt b/ext/exif/tests/bug62523_2.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug 62523 (php crashes with segfault when exif_read_data called)
+--SKIPIF--
+<?php
+extension_loaded("exif") or die("skip need exif");
+?>
+--FILE--
+<?php
+echo "Test\n";
+var_dump(count(exif_read_data(__DIR__."/bug62523_2.jpg")));
+?>
+Done
+--EXPECT--
+Test
+int(76)
+Done
diff --git a/ext/exif/tests/bug62523_3.jpg b/ext/exif/tests/bug62523_3.jpg
@@ -0,0 +1,12 @@
+<html>
+  <head><title>Found</title></head>
+  <body>
+    <h1>Found</h1>
+    <p>The resource was found at <a href="http://dl.dropboxusercontent.com/u/7562584/Bugs/Php/bad_exif.jpeg">http://dl.dropboxusercontent.com/u/7562584/Bugs/Php/bad_exif.jpeg</a>;
+you should be redirected automatically.
+
+<!--  --></p>
+    <hr noshade>
+    <div align="right">WSGI Server</div>
+  </body>
+</html>
diff --git a/ext/exif/tests/bug62523_3.phpt b/ext/exif/tests/bug62523_3.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug 62523 (php crashes with segfault when exif_read_data called)
+--SKIPIF--
+<?php
+extension_loaded("exif") or die("skip need exif");
+?>
+--FILE--
+<?php
+echo "Test\n";
+var_dump(count(exif_read_data(__DIR__."/bug62523_3.jpg")));
+?>
+Done
+--EXPECTF--
+Test
+
+Warning: exif_read_data(bug62523_3.jpg): File not supported in %sbug62523_3.php on line %d
+int(1)
+Done
diff --git a/ext/exif/tests/exif_encoding_crash.jpg b/ext/exif/tests/exif_encoding_crash.jpg
diff --git a/ext/exif/tests/exif_encoding_crash.phpt b/ext/exif/tests/exif_encoding_crash.phpt
@@ -0,0 +1,14 @@
+--TEST--
+PHP crash when zend_multibyte_encoding_converter returns (size_t)-1)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+$infile = dirname(__FILE__).'/exif_encoding_crash.jpg';
+$exif_data = exif_read_data($infile);
+echo "*** no core dump ***\n";
+?>
+===DONE===
+--EXPECT--
+*** no core dump ***
+===DONE===
