I'm not completely sure but from first glance at exif it is *completely* broken everywhere.
You're not supposed to use zval_dtor() on parameters you get via zend_get_parameters_ex(). They are read-only as they are reference counted and are possibly pointed to by other variables too. You should use zend_get_parameters() if you want to be able to change them (such as calling zval_dtor()).


Andi

At 06:47 PM 4/1/2003 +0000, Rasmus Lerdorf wrote:
rasmus Tue Apr 1 13:47:01 2003 EDT

  Modified files:              (Branch: PHP_4_3)
    /php4       TODO_SEGFAULTS
    /php4/ext/exif      exif.c
  Log:
  Fix exif crashes


Index: php4/TODO_SEGFAULTS diff -u php4/TODO_SEGFAULTS:1.1.2.5 php4/TODO_SEGFAULTS:1.1.2.6 --- php4/TODO_SEGFAULTS:1.1.2.5 Tue Apr 1 13:26:14 2003 +++ php4/TODO_SEGFAULTS Tue Apr 1 13:47:01 2003 @@ -6,7 +6,7 @@

     i18n_convert/mb_convert_encoding (Moriyoshi Koizumi)
     socket_iovec_alloc (Rasmus)
-
+       exif_imagetype,exif_thumbnail (Rasmus)


Open: @@ -14,8 +14,6 @@ array_pad bcsub (1) dbase_open - exif_imagetype - exif_thumbnail mb_ereg (2) mb_ereg_match (2) mb_eregi (2) Index: php4/ext/exif/exif.c diff -u php4/ext/exif/exif.c:1.118.2.13 php4/ext/exif/exif.c:1.118.2.14 --- php4/ext/exif/exif.c:1.118.2.13 Tue Dec 31 11:34:27 2002 +++ php4/ext/exif/exif.c Tue Apr 1 13:47:01 2003 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */

-/* $Id: exif.c,v 1.118.2.13 2002/12/31 16:34:27 sebastian Exp $ */
+/* $Id: exif.c,v 1.118.2.14 2003/04/01 18:47:01 rasmus Exp $ */

 /*  ToDos
  *
@@ -95,7 +95,7 @@
 };
 /* }}} */

-#define EXIF_VERSION "1.4 $Id: exif.c,v 1.118.2.13 2002/12/31 16:34:27 sebastian Exp $"
+#define EXIF_VERSION "1.4 $Id: exif.c,v 1.118.2.14 2003/04/01 18:47:01 rasmus Exp $"


 /* {{{ PHP_MINFO_FUNCTION
  */
@@ -4012,17 +4012,9 @@
        }

        convert_to_string_ex(p_name);
-       if (arg_c >= 3) {
-               zval_dtor(*p_width);
-               zval_dtor(*p_height);
-       }
-       if (arg_c >= 4) {
-               zval_dtor(*p_imagetype);
-       }

ret = exif_read_file(&ImageInfo, Z_STRVAL_PP(p_name), 1, 0 TSRMLS_CC);
if (ret==FALSE) {
- exif_discard_imageinfo(&ImageInfo);
RETURN_FALSE;
}
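Review bot: On the ret==FALSE path the call to exif_discard_imageinfo(&ImageInfo) is dropped with nothing in its place, so anything exif_read_file() stored in ImageInfo before failing is no longer released here. If exif_read_file() already discards ImageInfo itself on failure (which would have made the old call a double free), a one-line comment above RETURN_FALSE saying so would stop the next reader from putting the call back; if it does not, this path now leaks.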


@@ -4043,10 +4035,13 @@
if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) {
exif_scan_thumbnail(&ImageInfo TSRMLS_CC);
}
+ zval_dtor(*p_width);
+ zval_dtor(*p_height);
ZVAL_LONG(*p_width, ImageInfo.Thumbnail.width);
ZVAL_LONG(*p_height, ImageInfo.Thumbnail.height);
}
if (arg_c >= 4) {
+ zval_dtor(*p_imagetype);
ZVAL_LONG(*p_imagetype, ImageInfo.Thumbnail.filetype);
}
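Review bot: The zval_dtor(*p_width), zval_dtor(*p_height) and zval_dtor(*p_imagetype) calls now sit next to their ZVAL_LONG() writes, but they still destroy the argument zvals in place, with no visible check that the caller passed them by reference or that they are unshared. As the reply at the top of this thread points out, values obtained through zend_get_parameters_ex() may be pointed to by other variables, so either separate them before the zval_dtor()/ZVAL_LONG() pair or fetch them with zend_get_parameters(), and add a comment stating that these are output parameters.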


@@ -4076,6 +4071,7 @@
        if (zend_get_parameters_ex(1, &arg1) == FAILURE)
                WRONG_PARAM_COUNT;

+ convert_to_string_ex(arg1);
stream = php_stream_open_wrapper(Z_STRVAL_PP(arg1), "rb", IGNORE_PATH|ENFORCE_SAFE_MODE|REPORT_ERRORS, NULL);


if (stream == NULL) {



--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
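The rule stated in the reply at the top of this thread (do not destroy a reference-counted parameter that other variables may share), shown as an added example that is not part of the original thread or of PHP's source. It uses a simplified, hypothetical `val` struct and helper names rather than the Zend API, and the scenario values are constructed.

```c
/* Simplified model of a reference-counted value; NOT the Zend engine's zval. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { T_STRING, T_LONG };
typedef struct { int type; long lval; char *str; int refcount; } val;

static val *val_string(const char *s) {
    val *v = calloc(1, sizeof *v);
    v->type = T_STRING; v->refcount = 1;
    v->str = malloc(strlen(s) + 1);
    strcpy(v->str, s);
    return v;
}
/* Frees the payload only and keeps the container (hypothetical helper). */
static void val_dtor(val *v) {
    if (v->type == T_STRING) { free(v->str); v->str = NULL; }
}
static void val_release(val *v) {
    if (--v->refcount == 0) { val_dtor(v); free(v); }
}
/* Unsafe: destroys and overwrites without checking who else holds the value. */
static void set_long_in_place(val **slot, long n) {
    val_dtor(*slot);
    (*slot)->type = T_LONG; (*slot)->lval = n;
}
/* Safe: a shared value is left alone and the slot gets a private container. */
static void set_long_separated(val **slot, long n) {
    if ((*slot)->refcount > 1) {
        (*slot)->refcount--;
        *slot = calloc(1, sizeof **slot);
        (*slot)->refcount = 1;
    } else {
        val_dtor(*slot);
    }
    (*slot)->type = T_LONG; (*slot)->lval = n;
}
/* Constructed scenario: returns the type the caller's variable sees afterwards. */
static int other_holder_type_after(int separate) {
    val *a = val_string("160");      /* caller's variable */
    val *param = a; a->refcount++;   /* same value handed to the function */
    if (separate) set_long_separated(&param, 120); else set_long_in_place(&param, 120);
    int seen = a->type;
    val_release(param);
    val_release(a);
    return seen;
}
int main(void) {
    printf("in place: %d, separated: %d\n", other_holder_type_after(0), other_holder_type_after(1));
    return 0;
}
```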


