MFH: Allow ifd start at offset other than 00000008h and provide testcase.

helly25 · helly25 · commit 3789aab33972 · 2002-10-19T10:24:03.000Z
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
@@ -1606,6 +1606,8 @@ static void exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *DirStart,
 */
 static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf, unsigned int length)
 {
+	unsigned exif_value_2a, offset_of_ifd;
+
 	/* set the thumbnail stuff to nothing so we can test to see if they get set up */
 	if (memcmp(CharBuf, "II", 2) == 0) {
 		ImageInfo->motorola_intel = 0;
@@ -1617,14 +1619,15 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf,
 	}
 
 	/* Check the next two values for correctness. */
-	if (php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel) != 0x2a
-	  || php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel) != 0x08) {
+	exif_value_2a = php_ifd_get16u(CharBuf+2, ImageInfo->motorola_intel);
+	offset_of_ifd = php_ifd_get32u(CharBuf+4, ImageInfo->motorola_intel);
+	if ( exif_value_2a != 0x2a || offset_of_ifd < 0x08) {
 		php_error(E_WARNING, "Invalid TIFF start (1)");
 		return;
 	}
 
 	/* First directory starts at offset 8. Offsets starts at 0. */
-	exif_process_IFD_in_JPEG(ImageInfo, CharBuf+8, CharBuf, length/*-14*/, SECTION_IFD0);
+	exif_process_IFD_in_JPEG(ImageInfo, CharBuf+offset_of_ifd, CharBuf, length/*-14*/, SECTION_IFD0);
 
 #ifdef EXIF_DEBUG
 	php_error(E_NOTICE,"exif_process_TIFF_in_JPEG, done");
