Imported Upstream version 5.3.1upstream/5.3.1

6 files changed, 23 insertions, 13 deletions

diff --git a/ext/exif/config.m4 b/ext/exif/config.m4
index 633cb4a44..6d1d8c5b2 100644
--- a/ext/exif/config.m4
+++ b/ext/exif/config.m4
@@ -1,5 +1,5 @@
 dnl
-dnl $Id: config.m4,v 1.8 2002/09/19 20:14:34 derick Exp $
+dnl $Id: config.m4 96181 2002-09-19 20:14:35Z derick $
 dnl
 
 PHP_ARG_ENABLE(exif, whether to enable EXIF (metadata from images) support,
diff --git a/ext/exif/config.w32 b/ext/exif/config.w32
index 8efa93b00..f39ef74b1 100644
--- a/ext/exif/config.w32
+++ b/ext/exif/config.w32
@@ -1,4 +1,4 @@
-// $Id: config.w32,v 1.3.6.1 2008/06/23 18:40:28 pajoye Exp $
+// $Id: config.w32 261548 2008-06-23 18:40:29Z pajoye $
 // vim:ft=javascript
 
 ARG_ENABLE("exif", "exif", "no");
diff --git a/ext/exif/example.php b/ext/exif/example.php
index 8f6e31fb9..fb9b5ad3e 100644
--- a/ext/exif/example.php
+++ b/ext/exif/example.php
@@ -1,7 +1,7 @@
 <?php
 // (c) M.Boerger
 //
-// $Id: example.php,v 1.1 2002/03/08 11:33:45 helly Exp $
+// $Id: example.php 72471 2002-03-08 11:33:46Z helly $
 //
 ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional">
 <html>
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 96358f22e..f03c3c173 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: exif.c,v 1.173.2.5.2.20.2.16 2009/06/12 14:03:35 felipe Exp $ */
+/* $Id: exif.c 287372 2009-08-16 14:32:32Z iliaa $ */
 
 /*  ToDos
  *
@@ -138,7 +138,7 @@ const zend_function_entry exif_functions[] = {
 };
 /* }}} */
 
-#define EXIF_VERSION "1.4 $Id: exif.c,v 1.173.2.5.2.20.2.16 2009/06/12 14:03:35 felipe Exp $"
+#define EXIF_VERSION "1.4 $Id: exif.c 287372 2009-08-16 14:32:32Z iliaa $"
 
 /* {{{ PHP_MINFO_FUNCTION
  */
@@ -3238,7 +3238,7 @@ static void exif_process_APP1(image_info_type *ImageInfo, char *CharBuf, size_t
 {
 	/* Check the APP1 for Exif Identifier Code */
 	static const uchar ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
-	if (memcmp(CharBuf+2, ExifHeader, 6)) {
+	if (length <= 8 || memcmp(CharBuf+2, ExifHeader, 6)) {
 		exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Incorrect APP1 Exif Identifier Code");
 		return;
 	}
@@ -3321,8 +3321,14 @@ static int exif_scan_JPEG_header(image_info_type *ImageInfo TSRMLS_DC)
 		}
 
 		/* Read the length of the section. */
-		lh = php_stream_getc(ImageInfo->infile);
-		ll = php_stream_getc(ImageInfo->infile);
+		if ((lh = php_stream_getc(ImageInfo->infile)) == EOF) {
+			EXIF_ERRLOG_CORRUPT(ImageInfo)
+			return FALSE;
+		}
+		if ((ll = php_stream_getc(ImageInfo->infile)) == EOF) {
+			EXIF_ERRLOG_CORRUPT(ImageInfo)
+			return FALSE;
+		}
 
 		itemlen = (lh << 8) | ll;
 
@@ -3522,6 +3528,10 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
 	int entry_tag , entry_type;
 	tag_table_type tag_table = exif_get_tag_table(section_index);
 
+	if (ImageInfo->ifd_nesting_level > MAX_IFD_NESTING_LEVEL) {
+                return FALSE;
+        }
+
 	if (ImageInfo->FileSize >= dir_offset+2) {
 		sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL);
 #ifdef EXIF_DEBUG
@@ -3665,6 +3675,7 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
 #ifdef EXIF_DEBUG
 						exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Next IFD: %s @x%04X", exif_get_sectionname(sub_section_index), entry_offset);
 #endif
+						ImageInfo->ifd_nesting_level++;
 						exif_process_IFD_in_TIFF(ImageInfo, entry_offset, sub_section_index TSRMLS_CC);
 						if (section_index!=SECTION_THUMBNAIL && entry_tag==TAG_SUB_IFD) {
 							if (ImageInfo->Thumbnail.filetype != IMAGE_FILETYPE_UNKNOWN
@@ -3704,6 +3715,7 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
 #ifdef EXIF_DEBUG
 					exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read next IFD (THUMBNAIL) at x%04X", next_offset);
 #endif
+					ImageInfo->ifd_nesting_level++;
 					exif_process_IFD_in_TIFF(ImageInfo, next_offset, SECTION_THUMBNAIL TSRMLS_CC);
 #ifdef EXIF_DEBUG
 					exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "%s THUMBNAIL @0x%04X + 0x%04X", ImageInfo->Thumbnail.data ? "Ignore" : "Read", ImageInfo->Thumbnail.offset, ImageInfo->Thumbnail.size);
@@ -3776,9 +3788,7 @@ static int exif_scan_FILE_header(image_info_type *ImageInfo TSRMLS_DC)
 				} else {
 					exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF file");
 				}
-			}
-			else
-			if (!memcmp(file_header, "MM\x00\x2a", 4)) {
+			} else if (!memcmp(file_header, "MM\x00\x2a", 4)) {
 				ImageInfo->FileType = IMAGE_FILETYPE_TIFF_MM;
 				ImageInfo->motorola_intel = 1;
 #ifdef EXIF_DEBUG
diff --git a/ext/exif/php_exif.h b/ext/exif/php_exif.h
index 49abcb96e..105490e2a 100644
--- a/ext/exif/php_exif.h
+++ b/ext/exif/php_exif.h
@@ -17,7 +17,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: php_exif.h,v 1.14.2.1.2.1.2.2 2008/12/31 11:15:36 sebastian Exp $ */
+/* $Id: php_exif.h 272370 2008-12-31 11:15:49Z sebastian $ */
 
 #if HAVE_EXIF
 extern zend_module_entry exif_module_entry;
diff --git a/ext/exif/test.txt b/ext/exif/test.txt
index f9d501eca..46703a1fd 100644
--- a/ext/exif/test.txt
+++ b/ext/exif/test.txt
@@ -4,7 +4,7 @@
  *
  * (c) Marcus Boerger, 2002
  *
- * $Id: test.txt,v 1.8 2002/03/12 16:43:29 helly Exp $
+ * $Id: test.txt 72965 2002-03-12 16:43:29Z helly $
  *
  * Rename the file to test.php and read the instructions. If the
  * script cannot be executed or does not generate any output check