Fixed bug #54723 - getimagesize() doesn't check the full ico signature and misreports mpg files

2 files changed, 4 insertions, 2 deletions

diff --git a/NEWS b/NEWS
index 533770c219..9ae62c830e 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,8 @@ PHP                                                                        NEWS
   . Implemented FR #54459 (Range function accuracy). (Adam)
   . Added PHP_MANDIR constant telling where the manpages were installed into,
     and an --man-dir argument to php-config. (Hannes)
+  . Fixed bug #54723 (getimagesize() doesn't check the full ico signature).
+    (Scott)
   . Fixed bug #54580 (get_browser() segmentation fault when browscap ini
     directive is set through php_admin_value). (Gustavo)
   . Fixed bug #54238 (use-after-free in substr_replace()). (Stas)
diff --git a/ext/standard/image.c b/ext/standard/image.c
index 6a35941b50..d65a8bb59e 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -51,7 +51,7 @@ PHPAPI const char php_sig_jp2[12] = {(char)0x00, (char)0x00, (char)0x00, (char)0
                                      (char)0x6a, (char)0x50, (char)0x20, (char)0x20,
                                      (char)0x0d, (char)0x0a, (char)0x87, (char)0x0a};
 PHPAPI const char php_sig_iff[4] = {'F','O','R','M'};
-PHPAPI const char php_sig_ico[3] = {(char)0x00, (char)0x00, (char)0x01};
+PHPAPI const char php_sig_ico[4] = {(char)0x00, (char)0x00, (char)0x01, (char)0x00};
 
 /* REMEMBER TO ADD MIME-TYPE TO FUNCTION php_image_type_to_mime_type */
 /* PCX must check first 64bytes and byte 0=0x0a and byte2 < 0x06 */
@@ -1265,7 +1265,7 @@ PHPAPI int php_getimagetype(php_stream * stream, char *filetype TSRMLS_DC)
 		return IMAGE_FILETYPE_TIFF_MM;
 	} else if (!memcmp(filetype, php_sig_iff, 4)) {
 		return IMAGE_FILETYPE_IFF;
-	} else if (!memcmp(filetype, php_sig_ico, 3)) {
+	} else if (!memcmp(filetype, php_sig_ico, 4)) {
 		return IMAGE_FILETYPE_ICO;
 	}