From 3789aab33972891214ea8054a6891ca45d88a239 Mon Sep 17 00:00:00 2001 From: Marcus Boerger Date: Sat, 19 Oct 2002 10:24:03 +0000 Subject: MFH: Allow ifd start at offset other than 00000008h and provide testcase. --- ext/exif/exif.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ext/exif/exif.c b/ext/exif/exif.c index bf2783b79f..1add60509a 100644 --- a/ext/exif/exif.c +++ b/ext/exif/exif.c @@ -1606,6 +1606,8 @@ static void exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *DirStart, */ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf, unsigned int length) { + unsigned exif_value_2a, offset_of_ifd; + /* set the thumbnail stuff to nothing so we can test to see if they get set up */ if (memcmp(CharBuf, "II", 2) == 0) { ImageInfo->motorola_intel = 0; @@ -1617,14 +1619,15 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf, } /* Check the next two values for correctness. */ - if (php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel) != 0x2a - || php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel) != 0x08) { + exif_value_2a = php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel); + offset_of_ifd = php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel); + if ( exif_value_2a != 0x2a || offset_of_ifd < 0x08) { php_error(E_WARNING, "Invalid TIFF start (1)"); return; } /* First directory starts at offset 8. Offsets starts at 0. */ - exif_process_IFD_in_JPEG(ImageInfo, CharBuf+8, CharBuf, length/*-14*/, SECTION_IFD0); + exif_process_IFD_in_JPEG(ImageInfo, CharBuf+offset_of_ifd, CharBuf, length/*-14*/, SECTION_IFD0); #ifdef EXIF_DEBUG php_error(E_NOTICE,"exif_process_TIFF_in_JPEG, done"); -- cgit v1.2.1