php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-04-15 20:11:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix bug #40109 (iptcembed fails on non-jfif jpegs)

Browse Source 
+ use safe_emalloc
This commit is contained in:
Antony Dovgal
2007-02-12 20:27:48 +00:00
parent d8179ac018
commit e89a9df1d4
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
ext/standard/iptc.c
View File

@@ -186,6 +186,7 @@ PHP_FUNCTION(iptcembed)
unsigned int spool = 0, done = 0, inx;
unsigned char *spoolbuf=0, *poi=0;
struct stat sb;
zend_bool written = 0;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "SZ|l", &iptcdata, &iptcdata_len, &pp_jpeg_file, &spool) == FAILURE ||
php_stream_path_param_encode(pp_jpeg_file, &jpeg_file, &jpeg_file_len, REPORT_ERRORS, FG(default_context)) == FAILURE) {
@@ -204,7 +205,8 @@ PHP_FUNCTION(iptcembed)
if (spool < 2) {
fstat(fileno(fp), &sb);
poi = spoolbuf = emalloc(iptcdata_len + sizeof(psheader) + sb.st_size + 1024);
poi = spoolbuf = safe_emalloc(1, iptcdata_len + sizeof(psheader) + sb.st_size + 1024, 1);
memset(poi, 0, iptcdata_len + sizeof(psheader) + sb.st_size + 1024 + 1);
}
if (php_iptc_get1(fp, spool, poi?&poi:0 TSRMLS_CC) != 0xFF) {
@@ -242,6 +244,14 @@ PHP_FUNCTION(iptcembed)
case M_APP0:
/* APP0 is in each and every JPEG, so when we hit APP0 we insert our new APP13! */
case M_APP1:
/* APP1 is present in JFIF */
if (written) {
/* don't try to write the data twice */
break;
}
written = 1;
php_iptc_skip_variable(fp, spool, poi?&poi:0 TSRMLS_CC);
if (iptcdata_len & 1) iptcdata_len++; /* make the length even */