Skip to content

Fix Bug #75785: Add extra check for Maker's Note endianness #5849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Fix Bug #75785: Add extra check for Maker's Note endianness #5849

wants to merge 4 commits into from

Conversation

nawarian
Copy link
Contributor

@nawarian nawarian commented Jul 12, 2020
edited
Loading

This pull request adds a naive recovery mechanism for ext/exif when extracting Maker Notes IFD tags and solves most of the warnings described in this bug ticket

The current behaviour expects the byte order to follow the same defined in the TIFF header. But some manufacturers might change this order. That's why the current exif.c file has a lookup table with valid manufacturers and their expected endianness.

Different camera models may also produce IFD Tags using a byte order other than the one specified by the lookup table. For this case, this pull request adds a naive attempt to switch the byte order before completely failing.

Original context where this pull request came from: nawarian/The-PHP-Website#32

nawarian added 2 commits July 12, 2020 21:53
@nawarian
Attempt switching endianness on Maker's Note
e6eb79e 
Different manufacturer models may come with a
different endianness (motorola/intel) format. In
order to avoid a big refactor and a gigantic lookup
table, this commit simply attempts to switch the
endianness and proceed when values are acceptable.
@nawarian
Set MAX_IFD_NESTING_LEVEL to 200
6fcca53
@nawarian nawarian changed the title ext/EXIF: Add extra check for Maker's Note endianness Fix Bug #75785: Add extra check for Maker's Note endianness Jul 12, 2020
@nikic nikic requested a review from KalleZ July 13, 2020 09:44
@nikic
Copy link
Member

nikic commented Jul 13, 2020

Does exif really not have any explicit endianness indication?

@nawarian
Copy link
Contributor Author

nawarian commented Jul 13, 2020
edited
Loading

Endianness is defined within the Tiff Header itself.

First 2bytes defines byte align of TIFF data. If it is 0x4949="I I", it means "Intel" type byte align. If it is 0x4d4d="MM", it means "Motorola" type byte align.

See https://www.media.mit.edu/pia/Research/deepview/exif.html#TiffHeader.

Theoretically the entire file should follow this endianness. Specifically for Maker Note tags (vendor specific) a different endianness can be adopted by vendors. That's why exif.c has this lookup table.

What the code doesn't take in consideration is that different camera models may also produce data using a different endianness. In this case we could either create an ever-incomplete lookup table or attempt switching modes.

@nikic
Copy link
Member

nikic commented Aug 4, 2020

@KalleZ Could you please take a look at this?

@nawarian
Copy link
Contributor Author

nawarian commented Aug 6, 2020

Thank you @rmatzinger for providing an image for testing. I've added a test case for this pull request using it.

I hope with it the only thing missing will be the code review.

@nikic
Copy link
Member

nikic commented Aug 6, 2020

Thanks for adding the test case. We should try to reduce the size of the file though, as its is 6MB large and only the exif metadata is important. I believe the way to do this is using exiftool to copy the exif data to a 1x1 pixel jpeg file.

@nawarian
Copy link
Contributor Author

nawarian commented Aug 6, 2020

My bad, you're totally right. There it is :)

KalleZ
KalleZ approved these changes Aug 6, 2020
View reviewed changes
Copy link
Member

@KalleZ KalleZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Only thought about this I initially had was the E_NOTICE, but then again I think it is common practice (sadly) to call exif_read_data() with the error supression operator anyway, so it's kinda redundant to try hide it.

@php-pulls php-pulls closed this in 2fa4ca9 Aug 11, 2020
@nawarian nawarian deleted the PHP-7.3 branch August 28, 2020 08:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KalleZ KalleZ KalleZ approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nawarian @nikic @KalleZ