1 /*
2    +----------------------------------------------------------------------+
3    | PHP Version 7                                                        |
4    +----------------------------------------------------------------------+
5    | Copyright (c) The PHP Group                                          |
6    +----------------------------------------------------------------------+
7    | This source file is subject to version 3.01 of the PHP license,      |
8    | that is bundled with this package in the file LICENSE, and is        |
9    | available through the world-wide-web at the following url:           |
10    | http://www.php.net/license/3_01.txt                                  |
11    | If you did not receive a copy of the PHP license and are unable to   |
12    | obtain it through the world-wide-web, please send a note to          |
13    | license@php.net so we can mail you a copy immediately.               |
14    +----------------------------------------------------------------------+
15    | Authors: Rasmus Lerdorf <rasmus@php.net>                             |
16    |          Marcus Boerger <helly@php.net>                              |
17    +----------------------------------------------------------------------+
18  */
19 
20 #include "php.h"
21 #include <stdio.h>
22 #if HAVE_FCNTL_H
23 #include <fcntl.h>
24 #endif
25 #include "fopen_wrappers.h"
26 #include "ext/standard/fsock.h"
27 #if HAVE_UNISTD_H
28 #include <unistd.h>
29 #endif
30 #include "php_image.h"
31 #ifdef PHP_WIN32
32 #include "win32/php_stdint.h"
33 #endif
34 
35 #if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
36 #include "zlib.h"
37 #endif
38 
39 /* file type markers */
40 PHPAPI const char php_sig_gif[3] = {'G', 'I', 'F'};
41 PHPAPI const char php_sig_psd[4] = {'8', 'B', 'P', 'S'};
42 PHPAPI const char php_sig_bmp[2] = {'B', 'M'};
43 PHPAPI const char php_sig_swf[3] = {'F', 'W', 'S'};
44 PHPAPI const char php_sig_swc[3] = {'C', 'W', 'S'};
45 PHPAPI const char php_sig_jpg[3] = {(char) 0xff, (char) 0xd8, (char) 0xff};
46 PHPAPI const char php_sig_png[8] = {(char) 0x89, (char) 0x50, (char) 0x4e, (char) 0x47,
47                                     (char) 0x0d, (char) 0x0a, (char) 0x1a, (char) 0x0a};
48 PHPAPI const char php_sig_tif_ii[4] = {'I','I', (char)0x2A, (char)0x00};
49 PHPAPI const char php_sig_tif_mm[4] = {'M','M', (char)0x00, (char)0x2A};
50 PHPAPI const char php_sig_jpc[3]  = {(char)0xff, (char)0x4f, (char)0xff};
51 PHPAPI const char php_sig_jp2[12] = {(char)0x00, (char)0x00, (char)0x00, (char)0x0c,
52                                      (char)0x6a, (char)0x50, (char)0x20, (char)0x20,
53                                      (char)0x0d, (char)0x0a, (char)0x87, (char)0x0a};
54 PHPAPI const char php_sig_iff[4] = {'F','O','R','M'};
55 PHPAPI const char php_sig_ico[4] = {(char)0x00, (char)0x00, (char)0x01, (char)0x00};
56 PHPAPI const char php_sig_riff[4] = {'R', 'I', 'F', 'F'};
57 PHPAPI const char php_sig_webp[4] = {'W', 'E', 'B', 'P'};
58 
59 /* REMEMBER TO ADD MIME-TYPE TO FUNCTION php_image_type_to_mime_type */
60 /* PCX must check first 64bytes and byte 0=0x0a and byte2 < 0x06 */
61 
62 /* return info as a struct, to make expansion easier */
63 
64 struct gfxinfo {
65 	unsigned int width;
66 	unsigned int height;
67 	unsigned int bits;
68 	unsigned int channels;
69 };
70 
71 /* {{{ PHP_MINIT_FUNCTION(imagetypes)
72  * Register IMAGETYPE_<xxx> constants used by GetImageSize(), image_type_to_mime_type, ext/exif */
PHP_MINIT_FUNCTIONnull73 PHP_MINIT_FUNCTION(imagetypes)
74 {
75 	REGISTER_LONG_CONSTANT("IMAGETYPE_GIF",     IMAGE_FILETYPE_GIF,     CONST_CS | CONST_PERSISTENT);
76 	REGISTER_LONG_CONSTANT("IMAGETYPE_JPEG",    IMAGE_FILETYPE_JPEG,    CONST_CS | CONST_PERSISTENT);
77 	REGISTER_LONG_CONSTANT("IMAGETYPE_PNG",     IMAGE_FILETYPE_PNG,     CONST_CS | CONST_PERSISTENT);
78 	REGISTER_LONG_CONSTANT("IMAGETYPE_SWF",     IMAGE_FILETYPE_SWF,     CONST_CS | CONST_PERSISTENT);
79 	REGISTER_LONG_CONSTANT("IMAGETYPE_PSD",     IMAGE_FILETYPE_PSD,     CONST_CS | CONST_PERSISTENT);
80 	REGISTER_LONG_CONSTANT("IMAGETYPE_BMP",     IMAGE_FILETYPE_BMP,     CONST_CS | CONST_PERSISTENT);
81 	REGISTER_LONG_CONSTANT("IMAGETYPE_TIFF_II", IMAGE_FILETYPE_TIFF_II, CONST_CS | CONST_PERSISTENT);
82 	REGISTER_LONG_CONSTANT("IMAGETYPE_TIFF_MM", IMAGE_FILETYPE_TIFF_MM, CONST_CS | CONST_PERSISTENT);
83 	REGISTER_LONG_CONSTANT("IMAGETYPE_JPC",     IMAGE_FILETYPE_JPC,     CONST_CS | CONST_PERSISTENT);
84 	REGISTER_LONG_CONSTANT("IMAGETYPE_JP2",     IMAGE_FILETYPE_JP2,     CONST_CS | CONST_PERSISTENT);
85 	REGISTER_LONG_CONSTANT("IMAGETYPE_JPX",     IMAGE_FILETYPE_JPX,     CONST_CS | CONST_PERSISTENT);
86 	REGISTER_LONG_CONSTANT("IMAGETYPE_JB2",     IMAGE_FILETYPE_JB2,     CONST_CS | CONST_PERSISTENT);
87 #if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
88 	REGISTER_LONG_CONSTANT("IMAGETYPE_SWC",     IMAGE_FILETYPE_SWC,     CONST_CS | CONST_PERSISTENT);
89 #endif
90 	REGISTER_LONG_CONSTANT("IMAGETYPE_IFF",     IMAGE_FILETYPE_IFF,     CONST_CS | CONST_PERSISTENT);
91 	REGISTER_LONG_CONSTANT("IMAGETYPE_WBMP",    IMAGE_FILETYPE_WBMP,    CONST_CS | CONST_PERSISTENT);
92 	REGISTER_LONG_CONSTANT("IMAGETYPE_JPEG2000",IMAGE_FILETYPE_JPC,     CONST_CS | CONST_PERSISTENT); /* keep alias */
93 	REGISTER_LONG_CONSTANT("IMAGETYPE_XBM",     IMAGE_FILETYPE_XBM,     CONST_CS | CONST_PERSISTENT);
94 	REGISTER_LONG_CONSTANT("IMAGETYPE_ICO",     IMAGE_FILETYPE_ICO,     CONST_CS | CONST_PERSISTENT);
95 	REGISTER_LONG_CONSTANT("IMAGETYPE_WEBP",	IMAGE_FILETYPE_WEBP,	CONST_CS | CONST_PERSISTENT);
96 	REGISTER_LONG_CONSTANT("IMAGETYPE_UNKNOWN", IMAGE_FILETYPE_UNKNOWN, CONST_CS | CONST_PERSISTENT);
97 	REGISTER_LONG_CONSTANT("IMAGETYPE_COUNT",   IMAGE_FILETYPE_COUNT,   CONST_CS | CONST_PERSISTENT);
98 	return SUCCESS;
99 }
100 /* }}} */
101 
102 /* {{{ php_handle_gif
103  * routine to handle GIF files. If only everything were that easy... ;} */
php_handle_gif(php_stream * stream)104 static struct gfxinfo *php_handle_gif (php_stream * stream)
105 {
106 	struct gfxinfo *result = NULL;
107 	unsigned char dim[5];
108 
109 	if (php_stream_seek(stream, 3, SEEK_CUR))
110 		return NULL;
111 
112 	if (php_stream_read(stream, (char*)dim, sizeof(dim)) != sizeof(dim))
113 		return NULL;
114 
115 	result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
116 	result->width    = (unsigned int)dim[0] | (((unsigned int)dim[1])<<8);
117 	result->height   = (unsigned int)dim[2] | (((unsigned int)dim[3])<<8);
118 	result->bits     = dim[4]&0x80 ? ((((unsigned int)dim[4])&0x07) + 1) : 0;
119 	result->channels = 3; /* always */
120 
121 	return result;
122 }
123 /* }}} */
124 
125 /* {{{ php_handle_psd
126  */
php_handle_psd(php_stream * stream)127 static struct gfxinfo *php_handle_psd (php_stream * stream)
128 {
129 	struct gfxinfo *result = NULL;
130 	unsigned char dim[8];
131 
132 	if (php_stream_seek(stream, 11, SEEK_CUR))
133 		return NULL;
134 
135 	if (php_stream_read(stream, (char*)dim, sizeof(dim)) != sizeof(dim))
136 		return NULL;
137 
138 	result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
139 	result->height   =  (((unsigned int)dim[0]) << 24) + (((unsigned int)dim[1]) << 16) + (((unsigned int)dim[2]) << 8) + ((unsigned int)dim[3]);
140 	result->width    =  (((unsigned int)dim[4]) << 24) + (((unsigned int)dim[5]) << 16) + (((unsigned int)dim[6]) << 8) + ((unsigned int)dim[7]);
141 
142 	return result;
143 }
144 /* }}} */
145 
146 /* {{{ php_handle_bmp
147  */
php_handle_bmp(php_stream * stream)148 static struct gfxinfo *php_handle_bmp (php_stream * stream)
149 {
150 	struct gfxinfo *result = NULL;
151 	unsigned char dim[16];
152 	int size;
153 
154 	if (php_stream_seek(stream, 11, SEEK_CUR))
155 		return NULL;
156 
157 	if (php_stream_read(stream, (char*)dim, sizeof(dim)) != sizeof(dim))
158 		return NULL;
159 
160 	size   = (((unsigned int)dim[ 3]) << 24) + (((unsigned int)dim[ 2]) << 16) + (((unsigned int)dim[ 1]) << 8) + ((unsigned int) dim[ 0]);
161 	if (size == 12) {
162 		result = (struct gfxinfo *) ecalloc (1, sizeof(struct gfxinfo));
163 		result->width    =  (((unsigned int)dim[ 5]) << 8) + ((unsigned int) dim[ 4]);
164 		result->height   =  (((unsigned int)dim[ 7]) << 8) + ((unsigned int) dim[ 6]);
165 		result->bits     =  ((unsigned int)dim[11]);
166 	} else if (size > 12 && (size <= 64 || size == 108 || size == 124)) {
167 		result = (struct gfxinfo *) ecalloc (1, sizeof(struct gfxinfo));
168 		result->width    =  (((unsigned int)dim[ 7]) << 24) + (((unsigned int)dim[ 6]) << 16) + (((unsigned int)dim[ 5]) << 8) + ((unsigned int) dim[ 4]);
169 		result->height   =  (((unsigned int)dim[11]) << 24) + (((unsigned int)dim[10]) << 16) + (((unsigned int)dim[ 9]) << 8) + ((unsigned int) dim[ 8]);
170 		result->height   =  abs((int32_t)result->height);
171 		result->bits     =  (((unsigned int)dim[15]) <<  8) +  ((unsigned int)dim[14]);
172 	} else {
173 		return NULL;
174 	}
175 
176 	return result;
177 }
178 /* }}} */
179 
180 /* {{{ php_swf_get_bits
181  * routines to handle SWF files. */
php_swf_get_bits(unsigned char* buffer, unsigned int pos, unsigned int count)182 static unsigned long int php_swf_get_bits (unsigned char* buffer, unsigned int pos, unsigned int count)
183 {
184 	unsigned int loop;
185 	unsigned long int result = 0;
186 
187 	for (loop = pos; loop < pos + count; loop++)
188 	{
189 		result = result +
190 			((((buffer[loop / 8]) >> (7 - (loop % 8))) & 0x01) << (count - (loop - pos) - 1));
191 	}
192 	return result;
193 }
194 /* }}} */
195 
196 #if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
197 /* {{{ php_handle_swc
198  */
php_handle_swc(php_stream * stream)199 static struct gfxinfo *php_handle_swc(php_stream * stream)
200 {
201 	struct gfxinfo *result = NULL;
202 
203 	long bits;
204 	unsigned char a[64];
205 	unsigned long len=64, szlength;
206 	int factor = 1,maxfactor = 16;
207 	int status = 0;
208 	unsigned char *b, *buf = NULL;
209 	zend_string *bufz;
210 
211 	if (php_stream_seek(stream, 5, SEEK_CUR)) {
212 		return NULL;
213 	}
214 
215 	if (php_stream_read(stream, (char *) a, sizeof(a)) != sizeof(a)) {
216 		return NULL;
217 	}
218 
219 	b = ecalloc(1, len + 1);
220 
221 	if (uncompress(b, &len, a, sizeof(a)) != Z_OK) {
222 		/* failed to decompress the file, will try reading the rest of the file */
223 		if (php_stream_seek(stream, 8, SEEK_SET)) {
224 			efree(b);
225 			return NULL;
226 		}
227 
228 		bufz = php_stream_copy_to_mem(stream, PHP_STREAM_COPY_ALL, 0);
229 
230 		if (!bufz) {
231 			efree(b);
232 			return NULL;
233 		}
234 
235 		/*
236 		 * zlib::uncompress() wants to know the output data length
237 		 * if none was given as a parameter
238 		 * we try from input length * 2 up to input length * 2^8
239 		 * doubling it whenever it wasn't big enough
240 		 * that should be eneugh for all real life cases
241 		*/
242 
243 		do {
244 			szlength = ZSTR_LEN(bufz) * (1<<factor++);
245 			buf = erealloc(buf, szlength);
246 			status = uncompress(buf, &szlength, (unsigned char *) ZSTR_VAL(bufz), ZSTR_LEN(bufz));
247 		} while ((status==Z_BUF_ERROR)&&(factor<maxfactor));
248 
249 		if (bufz) {
250 			zend_string_release_ex(bufz, 0);
251 		}
252 
253 		if (status == Z_OK) {
254 			 memcpy(b, buf, len);
255 		}
256 
257 		if (buf) {
258 			efree(buf);
259 		}
260 	}
261 
262 	if (!status) {
263 		result = (struct gfxinfo *) ecalloc (1, sizeof (struct gfxinfo));
264 		bits = php_swf_get_bits (b, 0, 5);
265 		result->width = (php_swf_get_bits (b, 5 + bits, bits) -
266 			php_swf_get_bits (b, 5, bits)) / 20;
267 		result->height = (php_swf_get_bits (b, 5 + (3 * bits), bits) -
268 			php_swf_get_bits (b, 5 + (2 * bits), bits)) / 20;
269 	} else {
270 		result = NULL;
271 	}
272 
273 	efree (b);
274 	return result;
275 }
276 /* }}} */
277 #endif
278 
279 /* {{{ php_handle_swf
280  */
php_handle_swf(php_stream * stream)281 static struct gfxinfo *php_handle_swf (php_stream * stream)
282 {
283 	struct gfxinfo *result = NULL;
284 	long bits;
285 	unsigned char a[32];
286 
287 	if (php_stream_seek(stream, 5, SEEK_CUR))
288 		return NULL;
289 
290 	if (php_stream_read(stream, (char*)a, sizeof(a)) != sizeof(a))
291 		return NULL;
292 
293 	result = (struct gfxinfo *) ecalloc (1, sizeof (struct gfxinfo));
294 	bits = php_swf_get_bits (a, 0, 5);
295 	result->width = (php_swf_get_bits (a, 5 + bits, bits) -
296 		php_swf_get_bits (a, 5, bits)) / 20;
297 	result->height = (php_swf_get_bits (a, 5 + (3 * bits), bits) -
298 		php_swf_get_bits (a, 5 + (2 * bits), bits)) / 20;
299 	result->bits     = 0;
300 	result->channels = 0;
301 	return result;
302 }
303 /* }}} */
304 
305 /* {{{ php_handle_png
306  * routine to handle PNG files */
php_handle_png(php_stream * stream)307 static struct gfxinfo *php_handle_png (php_stream * stream)
308 {
309 	struct gfxinfo *result = NULL;
310 	unsigned char dim[9];
311 /* Width:              4 bytes
312  * Height:             4 bytes
313  * Bit depth:          1 byte
314  * Color type:         1 byte
315  * Compression method: 1 byte
316  * Filter method:      1 byte
317  * Interlace method:   1 byte
318  */
319 
320 	if (php_stream_seek(stream, 8, SEEK_CUR))
321 		return NULL;
322 
323 	if((php_stream_read(stream, (char*)dim, sizeof(dim))) < sizeof(dim))
324 		return NULL;
325 
326 	result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
327 	result->width  = (((unsigned int)dim[0]) << 24) + (((unsigned int)dim[1]) << 16) + (((unsigned int)dim[2]) << 8) + ((unsigned int)dim[3]);
328 	result->height = (((unsigned int)dim[4]) << 24) + (((unsigned int)dim[5]) << 16) + (((unsigned int)dim[6]) << 8) + ((unsigned int)dim[7]);
329 	result->bits   = (unsigned int)dim[8];
330 	return result;
331 }
332 /* }}} */
333 
334 /* routines to handle JPEG data */
335 
336 /* some defines for the different JPEG block types */
337 #define M_SOF0  0xC0			/* Start Of Frame N */
338 #define M_SOF1  0xC1			/* N indicates which compression process */
339 #define M_SOF2  0xC2			/* Only SOF0-SOF2 are now in common use */
340 #define M_SOF3  0xC3
341 #define M_SOF5  0xC5			/* NB: codes C4 and CC are NOT SOF markers */
342 #define M_SOF6  0xC6
343 #define M_SOF7  0xC7
344 #define M_SOF9  0xC9
345 #define M_SOF10 0xCA
346 #define M_SOF11 0xCB
347 #define M_SOF13 0xCD
348 #define M_SOF14 0xCE
349 #define M_SOF15 0xCF
350 #define M_SOI   0xD8
351 #define M_EOI   0xD9			/* End Of Image (end of datastream) */
352 #define M_SOS   0xDA			/* Start Of Scan (begins compressed data) */
353 #define M_APP0  0xe0
354 #define M_APP1  0xe1
355 #define M_APP2  0xe2
356 #define M_APP3  0xe3
357 #define M_APP4  0xe4
358 #define M_APP5  0xe5
359 #define M_APP6  0xe6
360 #define M_APP7  0xe7
361 #define M_APP8  0xe8
362 #define M_APP9  0xe9
363 #define M_APP10 0xea
364 #define M_APP11 0xeb
365 #define M_APP12 0xec
366 #define M_APP13 0xed
367 #define M_APP14 0xee
368 #define M_APP15 0xef
369 #define M_COM   0xFE            /* COMment                                  */
370 
371 #define M_PSEUDO 0xFFD8			/* pseudo marker for start of image(byte 0) */
372 
373 /* {{{ php_read2
374  */
php_read2(php_stream * stream)375 static unsigned short php_read2(php_stream * stream)
376 {
377 	unsigned char a[2];
378 
379 	/* return 0 if we couldn't read enough data */
380 	if((php_stream_read(stream, (char *) a, sizeof(a))) < sizeof(a)) return 0;
381 
382 	return (((unsigned short)a[0]) << 8) + ((unsigned short)a[1]);
383 }
384 /* }}} */
385 
386 /* {{{ php_next_marker
387  * get next marker byte from file */
php_next_marker(php_stream * stream, int last_marker, int ff_read)388 static unsigned int php_next_marker(php_stream * stream, int last_marker, int ff_read)
389 {
390 	int a=0, marker;
391 
392 	/* get marker byte, swallowing possible padding                           */
393 	if (!ff_read) {
394 		size_t extraneous = 0;
395 
396 		while ((marker = php_stream_getc(stream)) != 0xff) {
397 			if (marker == EOF) {
398 				return M_EOI;/* we hit EOF */
399 	}
400 			extraneous++;
401 	}
402 		if (extraneous) {
403 			php_error_docref(NULL, E_WARNING, "corrupt JPEG data: %zu extraneous bytes before marker", extraneous);
404 		}
405 	}
406 	a = 1;
407 	do {
408 		if ((marker = php_stream_getc(stream)) == EOF)
409 		{
410 			return M_EOI;/* we hit EOF */
411 		}
412 		a++;
413 	} while (marker == 0xff);
414 	if (a < 2)
415 	{
416 		return M_EOI; /* at least one 0xff is needed before marker code */
417 	}
418 	return (unsigned int)marker;
419 }
420 /* }}} */
421 
422 /* {{{ php_skip_variable
423  * skip over a variable-length block; assumes proper length marker */
php_skip_variable(php_stream * stream)424 static int php_skip_variable(php_stream * stream)
425 {
426 	zend_off_t length = ((unsigned int)php_read2(stream));
427 
428 	if (length < 2)	{
429 		return 0;
430 	}
431 	length = length - 2;
432 	php_stream_seek(stream, (zend_long)length, SEEK_CUR);
433 	return 1;
434 }
435 /* }}} */
436 
437 /* {{{ php_read_APP
438  */
php_read_APP(php_stream * stream, unsigned int marker, zval *info)439 static int php_read_APP(php_stream * stream, unsigned int marker, zval *info)
440 {
441 	unsigned short length;
442 	char *buffer;
443 	char markername[16];
444 	zval *tmp;
445 
446 	length = php_read2(stream);
447 	if (length < 2)	{
448 		return 0;
449 	}
450 	length -= 2;				/* length includes itself */
451 
452 	buffer = emalloc((size_t)length);
453 
454 	if (php_stream_read(stream, buffer, (size_t) length) != length) {
455 		efree(buffer);
456 		return 0;
457 	}
458 
459 	snprintf(markername, sizeof(markername), "APP%d", marker - M_APP0);
460 
461 	if ((tmp = zend_hash_str_find(Z_ARRVAL_P(info), markername, strlen(markername))) == NULL) {
462 		/* XXX we only catch the 1st tag of it's kind! */
463 		add_assoc_stringl(info, markername, buffer, length);
464 	}
465 
466 	efree(buffer);
467 	return 1;
468 }
469 /* }}} */
470 
471 /* {{{ php_handle_jpeg
472    main loop to parse JPEG structure */
php_handle_jpeg(php_stream * stream, zval *info)473 static struct gfxinfo *php_handle_jpeg (php_stream * stream, zval *info)
474 {
475 	struct gfxinfo *result = NULL;
476 	unsigned int marker = M_PSEUDO;
477 	unsigned short length, ff_read=1;
478 
479 	for (;;) {
480 		marker = php_next_marker(stream, marker, ff_read);
481 		ff_read = 0;
482 		switch (marker) {
483 			case M_SOF0:
484 			case M_SOF1:
485 			case M_SOF2:
486 			case M_SOF3:
487 			case M_SOF5:
488 			case M_SOF6:
489 			case M_SOF7:
490 			case M_SOF9:
491 			case M_SOF10:
492 			case M_SOF11:
493 			case M_SOF13:
494 			case M_SOF14:
495 			case M_SOF15:
496 				if (result == NULL) {
497 					/* handle SOFn block */
498 					result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
499 					length = php_read2(stream);
500 					result->bits     = php_stream_getc(stream);
501 					result->height   = php_read2(stream);
502 					result->width    = php_read2(stream);
503 					result->channels = php_stream_getc(stream);
504 					if (!info || length < 8) { /* if we don't want an extanded info -> return */
505 						return result;
506 					}
507 					if (php_stream_seek(stream, length - 8, SEEK_CUR)) { /* file error after info */
508 						return result;
509 					}
510 				} else {
511 					if (!php_skip_variable(stream)) {
512 						return result;
513 					}
514 				}
515 				break;
516 
517 			case M_APP0:
518 			case M_APP1:
519 			case M_APP2:
520 			case M_APP3:
521 			case M_APP4:
522 			case M_APP5:
523 			case M_APP6:
524 			case M_APP7:
525 			case M_APP8:
526 			case M_APP9:
527 			case M_APP10:
528 			case M_APP11:
529 			case M_APP12:
530 			case M_APP13:
531 			case M_APP14:
532 			case M_APP15:
533 				if (info) {
534 					if (!php_read_APP(stream, marker, info)) { /* read all the app marks... */
535 						return result;
536 					}
537 				} else {
538 					if (!php_skip_variable(stream)) {
539 						return result;
540 					}
541 				}
542 				break;
543 
544 			case M_SOS:
545 			case M_EOI:
546 				return result;	/* we're about to hit image data, or are at EOF. stop processing. */
547 
548 			default:
549 				if (!php_skip_variable(stream)) { /* anything else isn't interesting */
550 					return result;
551 				}
552 				break;
553 		}
554 	}
555 
556 	return result; /* perhaps image broken -> no info but size */
557 }
558 /* }}} */
559 
560 /* {{{ php_read4
561  */
php_read4(php_stream * stream)562 static unsigned int php_read4(php_stream * stream)
563 {
564 	unsigned char a[4];
565 
566 	/* just return 0 if we hit the end-of-file */
567 	if ((php_stream_read(stream, (char*)a, sizeof(a))) != sizeof(a)) return 0;
568 
569 	return (((unsigned int)a[0]) << 24)
570 	     + (((unsigned int)a[1]) << 16)
571 	     + (((unsigned int)a[2]) <<  8)
572 	     + (((unsigned int)a[3]));
573 }
574 /* }}} */
575 
576 /* {{{ JPEG 2000 Marker Codes */
577 #define JPEG2000_MARKER_PREFIX 0xFF /* All marker codes start with this */
578 #define JPEG2000_MARKER_SOC 0x4F /* Start of Codestream */
579 #define JPEG2000_MARKER_SOT 0x90 /* Start of Tile part */
580 #define JPEG2000_MARKER_SOD 0x93 /* Start of Data */
581 #define JPEG2000_MARKER_EOC 0xD9 /* End of Codestream */
582 #define JPEG2000_MARKER_SIZ 0x51 /* Image and tile size */
583 #define JPEG2000_MARKER_COD 0x52 /* Coding style default */
584 #define JPEG2000_MARKER_COC 0x53 /* Coding style component */
585 #define JPEG2000_MARKER_RGN 0x5E /* Region of interest */
586 #define JPEG2000_MARKER_QCD 0x5C /* Quantization default */
587 #define JPEG2000_MARKER_QCC 0x5D /* Quantization component */
588 #define JPEG2000_MARKER_POC 0x5F /* Progression order change */
589 #define JPEG2000_MARKER_TLM 0x55 /* Tile-part lengths */
590 #define JPEG2000_MARKER_PLM 0x57 /* Packet length, main header */
591 #define JPEG2000_MARKER_PLT 0x58 /* Packet length, tile-part header */
592 #define JPEG2000_MARKER_PPM 0x60 /* Packed packet headers, main header */
593 #define JPEG2000_MARKER_PPT 0x61 /* Packed packet headers, tile part header */
594 #define JPEG2000_MARKER_SOP 0x91 /* Start of packet */
595 #define JPEG2000_MARKER_EPH 0x92 /* End of packet header */
596 #define JPEG2000_MARKER_CRG 0x63 /* Component registration */
597 #define JPEG2000_MARKER_COM 0x64 /* Comment */
598 /* }}} */
599 
600 /* {{{ php_handle_jpc
601    Main loop to parse JPEG2000 raw codestream structure */
php_handle_jpc(php_stream * stream)602 static struct gfxinfo *php_handle_jpc(php_stream * stream)
603 {
604 	struct gfxinfo *result = NULL;
605 	int highest_bit_depth, bit_depth;
606 	unsigned char first_marker_id;
607 	unsigned int i;
608 
609 	/* JPEG 2000 components can be vastly different from one another.
610 	   Each component can be sampled at a different resolution, use
611 	   a different colour space, have a separate colour depth, and
612 	   be compressed totally differently! This makes giving a single
613 	   "bit depth" answer somewhat problematic. For this implementation
614 	   we'll use the highest depth encountered. */
615 
616 	/* Get the single byte that remains after the file type identification */
617 	first_marker_id = php_stream_getc(stream);
618 
619 	/* Ensure that this marker is SIZ (as is mandated by the standard) */
620 	if (first_marker_id != JPEG2000_MARKER_SIZ) {
621 		php_error_docref(NULL, E_WARNING, "JPEG2000 codestream corrupt(Expected SIZ marker not found after SOC)");
622 		return NULL;
623 	}
624 
625 	result = (struct gfxinfo *)ecalloc(1, sizeof(struct gfxinfo));
626 
627 	php_read2(stream); /* Lsiz */
628 	php_read2(stream); /* Rsiz */
629 	result->width = php_read4(stream); /* Xsiz */
630 	result->height = php_read4(stream); /* Ysiz */
631 
632 #if MBO_0
633 	php_read4(stream); /* XOsiz */
634 	php_read4(stream); /* YOsiz */
635 	php_read4(stream); /* XTsiz */
636 	php_read4(stream); /* YTsiz */
637 	php_read4(stream); /* XTOsiz */
638 	php_read4(stream); /* YTOsiz */
639 #else
640 	if (php_stream_seek(stream, 24, SEEK_CUR)) {
641 		efree(result);
642 		return NULL;
643 	}
644 #endif
645 
646 	result->channels = php_read2(stream); /* Csiz */
647 	if ((result->channels == 0 && php_stream_eof(stream)) || result->channels > 256) {
648 		efree(result);
649 		return NULL;
650 	}
651 
652 	/* Collect bit depth info */
653 	highest_bit_depth = 0;
654 	for (i = 0; i < result->channels; i++) {
655 		bit_depth = php_stream_getc(stream); /* Ssiz[i] */
656 		bit_depth++;
657 		if (bit_depth > highest_bit_depth) {
658 			highest_bit_depth = bit_depth;
659 		}
660 
661 		php_stream_getc(stream); /* XRsiz[i] */
662 		php_stream_getc(stream); /* YRsiz[i] */
663 	}
664 
665 	result->bits = highest_bit_depth;
666 
667 	return result;
668 }
669 /* }}} */
670 
671 /* {{{ php_handle_jp2
672    main loop to parse JPEG 2000 JP2 wrapper format structure */
php_handle_jp2(php_stream *stream)673 static struct gfxinfo *php_handle_jp2(php_stream *stream)
674 {
675 	struct gfxinfo *result = NULL;
676 	unsigned int box_length;
677 	unsigned int box_type;
678 	char jp2c_box_id[] = {(char)0x6a, (char)0x70, (char)0x32, (char)0x63};
679 
680 	/* JP2 is a wrapper format for JPEG 2000. Data is contained within "boxes".
681 	   Boxes themselves can be contained within "super-boxes". Super-Boxes can
682 	   contain super-boxes which provides us with a hierarchical storage system.
683 
684 	   It is valid for a JP2 file to contain multiple individual codestreams.
685 	   We'll just look for the first codestream at the root of the box structure
686 	   and handle that.
687 	*/
688 
689 	for (;;)
690 	{
691 		box_length = php_read4(stream); /* LBox */
692 		/* TBox */
693 		if (php_stream_read(stream, (void *)&box_type, sizeof(box_type)) != sizeof(box_type)) {
694 			/* Use this as a general "out of stream" error */
695 			break;
696 		}
697 
698 		if (box_length == 1) {
699 			/* We won't handle XLBoxes */
700 			return NULL;
701 		}
702 
703 		if (!memcmp(&box_type, jp2c_box_id, 4))
704 		{
705 			/* Skip the first 3 bytes to emulate the file type examination */
706 			php_stream_seek(stream, 3, SEEK_CUR);
707 
708 			result = php_handle_jpc(stream);
709 			break;
710 		}
711 
712 		/* Stop if this was the last box */
713 		if ((int)box_length <= 0) {
714 			break;
715 		}
716 
717 		/* Skip over LBox (Which includes both TBox and LBox itself */
718 		if (php_stream_seek(stream, box_length - 8, SEEK_CUR)) {
719 			break;
720 		}
721 	}
722 
723 	if (result == NULL) {
724 		php_error_docref(NULL, E_WARNING, "JP2 file has no codestreams at root level");
725 	}
726 
727 	return result;
728 }
729 /* }}} */
730 
731 /* {{{ tiff constants
732  */
733 PHPAPI const int php_tiff_bytes_per_format[] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
734 
735 /* uncompressed only */
736 #define TAG_IMAGEWIDTH              0x0100
737 #define TAG_IMAGEHEIGHT             0x0101
738 /* compressed images only */
739 #define TAG_COMP_IMAGEWIDTH         0xA002
740 #define TAG_COMP_IMAGEHEIGHT        0xA003
741 
742 #define TAG_FMT_BYTE       1
743 #define TAG_FMT_STRING     2
744 #define TAG_FMT_USHORT     3
745 #define TAG_FMT_ULONG      4
746 #define TAG_FMT_URATIONAL  5
747 #define TAG_FMT_SBYTE      6
748 #define TAG_FMT_UNDEFINED  7
749 #define TAG_FMT_SSHORT     8
750 #define TAG_FMT_SLONG      9
751 #define TAG_FMT_SRATIONAL 10
752 #define TAG_FMT_SINGLE    11
753 #define TAG_FMT_DOUBLE    12
754 /* }}} */
755 
756 /* {{{ php_ifd_get16u
757  * Convert a 16 bit unsigned value from file's native byte order */
php_ifd_get16u(void *Short, int motorola_intel)758 static int php_ifd_get16u(void *Short, int motorola_intel)
759 {
760 	if (motorola_intel) {
761 		return (((unsigned char *)Short)[0] << 8) | ((unsigned char *)Short)[1];
762 	} else {
763 		return (((unsigned char *)Short)[1] << 8) | ((unsigned char *)Short)[0];
764 	}
765 }
766 /* }}} */
767 
768 /* {{{ php_ifd_get16s
769  * Convert a 16 bit signed value from file's native byte order */
php_ifd_get16s(void *Short, int motorola_intel)770 static signed short php_ifd_get16s(void *Short, int motorola_intel)
771 {
772 	return (signed short)php_ifd_get16u(Short, motorola_intel);
773 }
774 /* }}} */
775 
776 /* {{{ php_ifd_get32s
777  * Convert a 32 bit signed value from file's native byte order */
php_ifd_get32s(void *Long, int motorola_intel)778 static int php_ifd_get32s(void *Long, int motorola_intel)
779 {
780 	if (motorola_intel) {
781 		return  ((( char *)Long)[0] << 24) | (((unsigned char *)Long)[1] << 16)
782 		      | (((unsigned char *)Long)[2] << 8 ) | (((unsigned char *)Long)[3] << 0 );
783 	} else {
784 		return  ((( char *)Long)[3] << 24) | (((unsigned char *)Long)[2] << 16)
785 		      | (((unsigned char *)Long)[1] << 8 ) | (((unsigned char *)Long)[0] << 0 );
786 	}
787 }
788 /* }}} */
789 
790 /* {{{ php_ifd_get32u
791  * Convert a 32 bit unsigned value from file's native byte order */
php_ifd_get32u(void *Long, int motorola_intel)792 static unsigned php_ifd_get32u(void *Long, int motorola_intel)
793 {
794 	return (unsigned)php_ifd_get32s(Long, motorola_intel) & 0xffffffff;
795 }
796 /* }}} */
797 
798 /* {{{ php_handle_tiff
799    main loop to parse TIFF structure */
php_handle_tiff(php_stream * stream, zval *info, int motorola_intel)800 static struct gfxinfo *php_handle_tiff (php_stream * stream, zval *info, int motorola_intel)
801 {
802 	struct gfxinfo *result = NULL;
803 	int i, num_entries;
804 	unsigned char *dir_entry;
805 	size_t ifd_size, dir_size, entry_value, width=0, height=0, ifd_addr;
806 	int entry_tag , entry_type;
807 	char *ifd_data, ifd_ptr[4];
808 
809 	if (php_stream_read(stream, ifd_ptr, 4) != 4)
810 		return NULL;
811 	ifd_addr = php_ifd_get32u(ifd_ptr, motorola_intel);
812 	if (php_stream_seek(stream, ifd_addr-8, SEEK_CUR))
813 		return NULL;
814 	ifd_size = 2;
815 	ifd_data = emalloc(ifd_size);
816 	if (php_stream_read(stream, ifd_data, 2) != 2) {
817 		efree(ifd_data);
818 		return NULL;
819 	}
820 	num_entries = php_ifd_get16u(ifd_data, motorola_intel);
821 	dir_size = 2/*num dir entries*/ +12/*length of entry*/*num_entries +4/* offset to next ifd (points to thumbnail or NULL)*/;
822 	ifd_size = dir_size;
823 	ifd_data = erealloc(ifd_data,ifd_size);
824 	if (php_stream_read(stream, ifd_data+2, dir_size-2) != dir_size-2) {
825 		efree(ifd_data);
826 		return NULL;
827 	}
828 	/* now we have the directory we can look how long it should be */
829 	ifd_size = dir_size;
830 	for(i=0;i<num_entries;i++) {
831 		dir_entry 	 = (unsigned char *) ifd_data+2+i*12;
832 		entry_tag    = php_ifd_get16u(dir_entry+0, motorola_intel);
833 		entry_type   = php_ifd_get16u(dir_entry+2, motorola_intel);
834 		switch(entry_type) {
835 			case TAG_FMT_BYTE:
836 			case TAG_FMT_SBYTE:
837 				entry_value  = (size_t)(dir_entry[8]);
838 				break;
839 			case TAG_FMT_USHORT:
840 				entry_value  = php_ifd_get16u(dir_entry+8, motorola_intel);
841 				break;
842 			case TAG_FMT_SSHORT:
843 				entry_value  = php_ifd_get16s(dir_entry+8, motorola_intel);
844 				break;
845 			case TAG_FMT_ULONG:
846 				entry_value  = php_ifd_get32u(dir_entry+8, motorola_intel);
847 				break;
848 			case TAG_FMT_SLONG:
849 				entry_value  = php_ifd_get32s(dir_entry+8, motorola_intel);
850 				break;
851 			default:
852 				continue;
853 		}
854 		switch(entry_tag) {
855 			case TAG_IMAGEWIDTH:
856 			case TAG_COMP_IMAGEWIDTH:
857 				width  = entry_value;
858 				break;
859 			case TAG_IMAGEHEIGHT:
860 			case TAG_COMP_IMAGEHEIGHT:
861 				height = entry_value;
862 				break;
863 		}
864 	}
865 	efree(ifd_data);
866 	if ( width && height) {
867 		/* not the same when in for-loop */
868 		result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
869 		result->height   = height;
870 		result->width    = width;
871 		result->bits     = 0;
872 		result->channels = 0;
873 		return result;
874 	}
875 	return NULL;
876 }
877 /* }}} */
878 
879 /* {{{ php_handle_psd
880  */
php_handle_iff(php_stream * stream)881 static struct gfxinfo *php_handle_iff(php_stream * stream)
882 {
883 	struct gfxinfo * result;
884 	unsigned char a[10];
885 	int chunkId;
886 	int size;
887 	short width, height, bits;
888 
889 	if (php_stream_read(stream, (char *) a, 8) != 8) {
890 		return NULL;
891 	}
892 	if (strncmp((char *) a+4, "ILBM", 4) && strncmp((char *) a+4, "PBM ", 4)) {
893 		return NULL;
894 	}
895 
896 	/* loop chunks to find BMHD chunk */
897 	do {
898 		if (php_stream_read(stream, (char*)a, 8) != 8) {
899 			return NULL;
900 		}
901 		chunkId = php_ifd_get32s(a+0, 1);
902 		size    = php_ifd_get32s(a+4, 1);
903 		if (size < 0) {
904 			return NULL;
905 		}
906 		if ((size & 1) == 1) {
907 			size++;
908 		}
909 		if (chunkId == 0x424d4844) { /* BMHD chunk */
910 			if (size < 9 || php_stream_read(stream, (char*)a, 9) != 9) {
911 				return NULL;
912 			}
913 			width  = php_ifd_get16s(a+0, 1);
914 			height = php_ifd_get16s(a+2, 1);
915 			bits   = a[8] & 0xff;
916 			if (width > 0 && height > 0 && bits > 0 && bits < 33) {
917 				result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
918 				result->width    = width;
919 				result->height   = height;
920 				result->bits     = bits;
921 				result->channels = 0;
922 				return result;
923 			}
924 		} else {
925 			if (php_stream_seek(stream, size, SEEK_CUR)) {
926 				return NULL;
927 			}
928 		}
929 	} while (1);
930 }
931 /* }}} */
932 
933 /* {{{ php_get_wbmp
934  * int WBMP file format type
935  * byte Header Type
936  *	byte Extended Header
937  *		byte Header Data (type 00 = multibyte)
938  *		byte Header Data (type 11 = name/pairs)
939  * int Number of columns
940  * int Number of rows
941  */
php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check)942 static int php_get_wbmp(php_stream *stream, struct gfxinfo **result, int check)
943 {
944 	int i, width = 0, height = 0;
945 
946 	if (php_stream_rewind(stream)) {
947 		return 0;
948 	}
949 
950 	/* get type */
951 	if (php_stream_getc(stream) != 0) {
952 		return 0;
953 	}
954 
955 	/* skip header */
956 	do {
957 		i = php_stream_getc(stream);
958 		if (i < 0) {
959 			return 0;
960 		}
961 	} while (i & 0x80);
962 
963 	/* get width */
964 	do {
965 		i = php_stream_getc(stream);
966 		if (i < 0) {
967 			return 0;
968 		}
969 		width = (width << 7) | (i & 0x7f);
970         /* maximum valid width for wbmp (although 127 may be a more accurate one) */
971         if (width > 2048) {
972             return 0;
973         }
974 	} while (i & 0x80);
975 
976 	/* get height */
977 	do {
978 		i = php_stream_getc(stream);
979 		if (i < 0) {
980 			return 0;
981 		}
982 		height = (height << 7) | (i & 0x7f);
983         /* maximum valid height for wbmp (although 127 may be a more accurate one) */
984         if (height > 2048) {
985             return 0;
986         }
987 	} while (i & 0x80);
988 
989 	if (!height || !width) {
990 		return 0;
991 	}
992 
993 	if (!check) {
994 		(*result)->width = width;
995 		(*result)->height = height;
996 	}
997 
998 	return IMAGE_FILETYPE_WBMP;
999 }
1000 /* }}} */
1001 
1002 /* {{{ php_handle_wbmp
1003 */
php_handle_wbmp(php_stream * stream)1004 static struct gfxinfo *php_handle_wbmp(php_stream * stream)
1005 {
1006 	struct gfxinfo *result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
1007 
1008 	if (!php_get_wbmp(stream, &result, 0)) {
1009 		efree(result);
1010 		return NULL;
1011 	}
1012 
1013 	return result;
1014 }
1015 /* }}} */
1016 
1017 /* {{{ php_get_xbm
1018  */
php_get_xbm(php_stream *stream, struct gfxinfo **result)1019 static int php_get_xbm(php_stream *stream, struct gfxinfo **result)
1020 {
1021     char *fline;
1022     char *iname;
1023     char *type;
1024     int value;
1025     unsigned int width = 0, height = 0;
1026 
1027 	if (result) {
1028 		*result = NULL;
1029 	}
1030 	if (php_stream_rewind(stream)) {
1031 		return 0;
1032 	}
1033 	while ((fline=php_stream_gets(stream, NULL, 0)) != NULL) {
1034 		iname = estrdup(fline); /* simple way to get necessary buffer of required size */
1035 		if (sscanf(fline, "#define %s %d", iname, &value) == 2) {
1036 			if (!(type = strrchr(iname, '_'))) {
1037 				type = iname;
1038 			} else {
1039 				type++;
1040 			}
1041 
1042 			if (!strcmp("width", type)) {
1043 				width = (unsigned int) value;
1044 				if (height) {
1045 					efree(iname);
1046 					break;
1047 				}
1048 			}
1049 			if (!strcmp("height", type)) {
1050 				height = (unsigned int) value;
1051 				if (width) {
1052 					efree(iname);
1053 					break;
1054 				}
1055 			}
1056 		}
1057 		efree(fline);
1058 		efree(iname);
1059 	}
1060 	if (fline) {
1061 		efree(fline);
1062 	}
1063 
1064 	if (width && height) {
1065 		if (result) {
1066 			*result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
1067 			(*result)->width = width;
1068 			(*result)->height = height;
1069 		}
1070 		return IMAGE_FILETYPE_XBM;
1071 	}
1072 
1073 	return 0;
1074 }
1075 /* }}} */
1076 
1077 /* {{{ php_handle_xbm
1078  */
php_handle_xbm(php_stream * stream)1079 static struct gfxinfo *php_handle_xbm(php_stream * stream)
1080 {
1081 	struct gfxinfo *result;
1082 	php_get_xbm(stream, &result);
1083 	return result;
1084 }
1085 /* }}} */
1086 
1087 /* {{{ php_handle_ico
1088  */
php_handle_ico(php_stream * stream)1089 static struct gfxinfo *php_handle_ico(php_stream * stream)
1090 {
1091 	struct gfxinfo *result = NULL;
1092 	unsigned char dim[16];
1093 	int num_icons = 0;
1094 
1095 	if (php_stream_read(stream, (char *) dim, 2) != 2)
1096 		return NULL;
1097 
1098 	num_icons = (((unsigned int)dim[1]) << 8) + ((unsigned int) dim[0]);
1099 
1100 	if (num_icons < 1 || num_icons > 255)
1101 		return NULL;
1102 
1103 	result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
1104 
1105 	while (num_icons > 0)
1106 	{
1107 		if (php_stream_read(stream, (char *) dim, sizeof(dim)) != sizeof(dim))
1108 			break;
1109 
1110 		if ((((unsigned int)dim[7]) <<  8) +  ((unsigned int)dim[6]) >= result->bits)
1111 		{
1112 			result->width    =  (unsigned int)dim[0];
1113 			result->height   =  (unsigned int)dim[1];
1114 			result->bits     =  (((unsigned int)dim[7]) <<  8) +  ((unsigned int)dim[6]);
1115 		}
1116 		num_icons--;
1117 	}
1118 
1119 	return result;
1120 }
1121 /* }}} */
1122 
1123 /* {{{ php_handle_webp
1124  */
php_handle_webp(php_stream * stream)1125 static struct gfxinfo *php_handle_webp(php_stream * stream)
1126 {
1127 	struct gfxinfo *result = NULL;
1128 	const char sig[3] = {'V', 'P', '8'};
1129 	unsigned char buf[18];
1130 	char format;
1131 
1132 	if (php_stream_read(stream, (char *) buf, 18) != 18)
1133 		return NULL;
1134 
1135 	if (memcmp(buf, sig, 3)) {
1136 		return NULL;
1137 	}
1138 	switch (buf[3]) {
1139 		case ' ':
1140 		case 'L':
1141 		case 'X':
1142 			format = buf[3];
1143 			break;
1144 		default:
1145 			return NULL;
1146 	}
1147 
1148 	result = (struct gfxinfo *) ecalloc(1, sizeof(struct gfxinfo));
1149 
1150 	switch (format) {
1151 		case ' ':
1152 			result->width = buf[14] + ((buf[15] & 0x3F) << 8);
1153 			result->height = buf[16] + ((buf[17] & 0x3F) << 8);
1154 			break;
1155 		case 'L':
1156 			result->width = buf[9] + ((buf[10] & 0x3F) << 8) + 1;
1157 			result->height = (buf[10] >> 6) + (buf[11] << 2) + ((buf[12] & 0xF) << 10) + 1;
1158 			break;
1159 		case 'X':
1160 			result->width = buf[12] + (buf[13] << 8) + (buf[14] << 16) + 1;
1161 			result->height = buf[15] + (buf[16] << 8) + (buf[17] << 16) + 1;
1162 			break;
1163 	}
1164 	result->bits = 8; /* always 1 byte */
1165 
1166 	return result;
1167 }
1168 /* }}} */
1169 
1170 /* {{{ php_image_type_to_mime_type
1171  * Convert internal image_type to mime type */
php_image_type_to_mime_type(int image_type)1172 PHPAPI char * php_image_type_to_mime_type(int image_type)
1173 {
1174 	switch( image_type) {
1175 		case IMAGE_FILETYPE_GIF:
1176 			return "image/gif";
1177 		case IMAGE_FILETYPE_JPEG:
1178 			return "image/jpeg";
1179 		case IMAGE_FILETYPE_PNG:
1180 			return "image/png";
1181 		case IMAGE_FILETYPE_SWF:
1182 		case IMAGE_FILETYPE_SWC:
1183 			return "application/x-shockwave-flash";
1184 		case IMAGE_FILETYPE_PSD:
1185 			return "image/psd";
1186 		case IMAGE_FILETYPE_BMP:
1187 			return "image/bmp";
1188 		case IMAGE_FILETYPE_TIFF_II:
1189 		case IMAGE_FILETYPE_TIFF_MM:
1190 			return "image/tiff";
1191 		case IMAGE_FILETYPE_IFF:
1192 			return "image/iff";
1193 		case IMAGE_FILETYPE_WBMP:
1194 			return "image/vnd.wap.wbmp";
1195 		case IMAGE_FILETYPE_JPC:
1196 			return "application/octet-stream";
1197 		case IMAGE_FILETYPE_JP2:
1198 			return "image/jp2";
1199 		case IMAGE_FILETYPE_XBM:
1200 			return "image/xbm";
1201 		case IMAGE_FILETYPE_ICO:
1202 			return "image/vnd.microsoft.icon";
1203 		case IMAGE_FILETYPE_WEBP:
1204 			return "image/webp";
1205 		default:
1206 		case IMAGE_FILETYPE_UNKNOWN:
1207 			return "application/octet-stream"; /* suppose binary format */
1208 	}
1209 }
1210 /* }}} */
1211 
1212 /* {{{ proto string image_type_to_mime_type(int imagetype)
1213    Get Mime-Type for image-type returned by getimagesize, exif_read_data, exif_thumbnail, exif_imagetype */
PHP_FUNCTIONnull1214 PHP_FUNCTION(image_type_to_mime_type)
1215 {
1216 	zend_long p_image_type;
1217 
1218 	ZEND_PARSE_PARAMETERS_START(1, 1)
1219 		Z_PARAM_LONG(p_image_type)
1220 	ZEND_PARSE_PARAMETERS_END();
1221 
1222 	ZVAL_STRING(return_value, (char*)php_image_type_to_mime_type(p_image_type));
1223 }
1224 /* }}} */
1225 
1226 /* {{{ proto string image_type_to_extension(int imagetype [, bool include_dot])
1227    Get file extension for image-type returned by getimagesize, exif_read_data, exif_thumbnail, exif_imagetype */
PHP_FUNCTIONnull1228 PHP_FUNCTION(image_type_to_extension)
1229 {
1230 	zend_long image_type;
1231 	zend_bool inc_dot=1;
1232 	const char *imgext = NULL;
1233 
1234 	ZEND_PARSE_PARAMETERS_START(1, 2)
1235 		Z_PARAM_LONG(image_type)
1236 		Z_PARAM_OPTIONAL
1237 		Z_PARAM_BOOL(inc_dot)
1238 	ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE);
1239 
1240 	switch (image_type) {
1241 		case IMAGE_FILETYPE_GIF:
1242 			imgext = ".gif";
1243 			break;
1244 		case IMAGE_FILETYPE_JPEG:
1245 			imgext = ".jpeg";
1246 			break;
1247 		case IMAGE_FILETYPE_PNG:
1248 			imgext = ".png";
1249 			break;
1250 		case IMAGE_FILETYPE_SWF:
1251 		case IMAGE_FILETYPE_SWC:
1252 			imgext = ".swf";
1253 			break;
1254 		case IMAGE_FILETYPE_PSD:
1255 			imgext = ".psd";
1256 			break;
1257 		case IMAGE_FILETYPE_BMP:
1258 		case IMAGE_FILETYPE_WBMP:
1259 			imgext = ".bmp";
1260 			break;
1261 		case IMAGE_FILETYPE_TIFF_II:
1262 		case IMAGE_FILETYPE_TIFF_MM:
1263 			imgext = ".tiff";
1264 			break;
1265 		case IMAGE_FILETYPE_IFF:
1266 			imgext = ".iff";
1267 			break;
1268 		case IMAGE_FILETYPE_JPC:
1269 			imgext = ".jpc";
1270 			break;
1271 		case IMAGE_FILETYPE_JP2:
1272 			imgext = ".jp2";
1273 			break;
1274 		case IMAGE_FILETYPE_JPX:
1275 			imgext = ".jpx";
1276 			break;
1277 		case IMAGE_FILETYPE_JB2:
1278 			imgext = ".jb2";
1279 			break;
1280 		case IMAGE_FILETYPE_XBM:
1281 			imgext = ".xbm";
1282 			break;
1283 		case IMAGE_FILETYPE_ICO:
1284 			imgext = ".ico";
1285 			break;
1286 		case IMAGE_FILETYPE_WEBP:
1287 			imgext = ".webp";
1288 			break;
1289 	}
1290 
1291 	if (imgext) {
1292 		RETURN_STRING(&imgext[!inc_dot]);
1293 	}
1294 
1295 	RETURN_FALSE;
1296 }
1297 /* }}} */
1298 
1299 /* {{{ php_imagetype
1300    detect filetype from first bytes */
php_getimagetype(php_stream * stream, char *filetype)1301 PHPAPI int php_getimagetype(php_stream * stream, char *filetype)
1302 {
1303 	char tmp[12];
1304     int twelve_bytes_read;
1305 
1306 	if ( !filetype) filetype = tmp;
1307 	if((php_stream_read(stream, filetype, 3)) != 3) {
1308 		php_error_docref(NULL, E_NOTICE, "Read error!");
1309 		return IMAGE_FILETYPE_UNKNOWN;
1310 	}
1311 
1312 /* BYTES READ: 3 */
1313 	if (!memcmp(filetype, php_sig_gif, 3)) {
1314 		return IMAGE_FILETYPE_GIF;
1315 	} else if (!memcmp(filetype, php_sig_jpg, 3)) {
1316 		return IMAGE_FILETYPE_JPEG;
1317 	} else if (!memcmp(filetype, php_sig_png, 3)) {
1318 		if (php_stream_read(stream, filetype+3, 5) != 5) {
1319 			php_error_docref(NULL, E_NOTICE, "Read error!");
1320 			return IMAGE_FILETYPE_UNKNOWN;
1321 		}
1322 		if (!memcmp(filetype, php_sig_png, 8)) {
1323 			return IMAGE_FILETYPE_PNG;
1324 		} else {
1325 			php_error_docref(NULL, E_WARNING, "PNG file corrupted by ASCII conversion");
1326 			return IMAGE_FILETYPE_UNKNOWN;
1327 		}
1328 	} else if (!memcmp(filetype, php_sig_swf, 3)) {
1329 		return IMAGE_FILETYPE_SWF;
1330 	} else if (!memcmp(filetype, php_sig_swc, 3)) {
1331 		return IMAGE_FILETYPE_SWC;
1332 	} else if (!memcmp(filetype, php_sig_psd, 3)) {
1333 		return IMAGE_FILETYPE_PSD;
1334 	} else if (!memcmp(filetype, php_sig_bmp, 2)) {
1335 		return IMAGE_FILETYPE_BMP;
1336 	} else if (!memcmp(filetype, php_sig_jpc, 3)) {
1337 		return IMAGE_FILETYPE_JPC;
1338 	} else if (!memcmp(filetype, php_sig_riff, 3)) {
1339 		if (php_stream_read(stream, filetype+3, 9) != 9) {
1340 			php_error_docref(NULL, E_NOTICE, "Read error!");
1341 			return IMAGE_FILETYPE_UNKNOWN;
1342 		}
1343 		if (!memcmp(filetype+8, php_sig_webp, 4)) {
1344 			return IMAGE_FILETYPE_WEBP;
1345 		} else {
1346 			return IMAGE_FILETYPE_UNKNOWN;
1347 		}
1348 	}
1349 
1350 	if (php_stream_read(stream, filetype+3, 1) != 1) {
1351 		php_error_docref(NULL, E_NOTICE, "Read error!");
1352 		return IMAGE_FILETYPE_UNKNOWN;
1353 	}
1354 /* BYTES READ: 4 */
1355 	if (!memcmp(filetype, php_sig_tif_ii, 4)) {
1356 		return IMAGE_FILETYPE_TIFF_II;
1357 	} else if (!memcmp(filetype, php_sig_tif_mm, 4)) {
1358 		return IMAGE_FILETYPE_TIFF_MM;
1359 	} else if (!memcmp(filetype, php_sig_iff, 4)) {
1360 		return IMAGE_FILETYPE_IFF;
1361 	} else if (!memcmp(filetype, php_sig_ico, 4)) {
1362 		return IMAGE_FILETYPE_ICO;
1363 	}
1364 
1365     /* WBMP may be smaller than 12 bytes, so delay error */
1366 	twelve_bytes_read = (php_stream_read(stream, filetype+4, 8) == 8);
1367 
1368 /* BYTES READ: 12 */
1369    	if (twelve_bytes_read && !memcmp(filetype, php_sig_jp2, 12)) {
1370 		return IMAGE_FILETYPE_JP2;
1371 	}
1372 
1373 /* AFTER ALL ABOVE FAILED */
1374 	if (php_get_wbmp(stream, NULL, 1)) {
1375 		return IMAGE_FILETYPE_WBMP;
1376 	}
1377     if (!twelve_bytes_read) {
1378 		php_error_docref(NULL, E_NOTICE, "Read error!");
1379 		return IMAGE_FILETYPE_UNKNOWN;
1380     }
1381 	if (php_get_xbm(stream, NULL)) {
1382 		return IMAGE_FILETYPE_XBM;
1383 	}
1384 	return IMAGE_FILETYPE_UNKNOWN;
1385 }
1386 /* }}} */
1387 
php_getimagesize_from_stream(php_stream *stream, zval *info, INTERNAL_FUNCTION_PARAMETERS)1388 static void php_getimagesize_from_stream(php_stream *stream, zval *info, INTERNAL_FUNCTION_PARAMETERS) /* {{{ */
1389 {
1390 	int itype = 0;
1391 	struct gfxinfo *result = NULL;
1392 
1393 	if (!stream) {
1394 		RETURN_FALSE;
1395 	}
1396 
1397 	itype = php_getimagetype(stream, NULL);
1398 	switch( itype) {
1399 		case IMAGE_FILETYPE_GIF:
1400 			result = php_handle_gif(stream);
1401 			break;
1402 		case IMAGE_FILETYPE_JPEG:
1403 			if (info) {
1404 				result = php_handle_jpeg(stream, info);
1405 			} else {
1406 				result = php_handle_jpeg(stream, NULL);
1407 			}
1408 			break;
1409 		case IMAGE_FILETYPE_PNG:
1410 			result = php_handle_png(stream);
1411 			break;
1412 		case IMAGE_FILETYPE_SWF:
1413 			result = php_handle_swf(stream);
1414 			break;
1415 		case IMAGE_FILETYPE_SWC:
1416 #if HAVE_ZLIB && !defined(COMPILE_DL_ZLIB)
1417 			result = php_handle_swc(stream);
1418 #else
1419 			php_error_docref(NULL, E_NOTICE, "The image is a compressed SWF file, but you do not have a static version of the zlib extension enabled");
1420 #endif
1421 			break;
1422 		case IMAGE_FILETYPE_PSD:
1423 			result = php_handle_psd(stream);
1424 			break;
1425 		case IMAGE_FILETYPE_BMP:
1426 			result = php_handle_bmp(stream);
1427 			break;
1428 		case IMAGE_FILETYPE_TIFF_II:
1429 			result = php_handle_tiff(stream, NULL, 0);
1430 			break;
1431 		case IMAGE_FILETYPE_TIFF_MM:
1432 			result = php_handle_tiff(stream, NULL, 1);
1433 			break;
1434 		case IMAGE_FILETYPE_JPC:
1435 			result = php_handle_jpc(stream);
1436 			break;
1437 		case IMAGE_FILETYPE_JP2:
1438 			result = php_handle_jp2(stream);
1439 			break;
1440 		case IMAGE_FILETYPE_IFF:
1441 			result = php_handle_iff(stream);
1442 			break;
1443 		case IMAGE_FILETYPE_WBMP:
1444 			result = php_handle_wbmp(stream);
1445 			break;
1446 		case IMAGE_FILETYPE_XBM:
1447 			result = php_handle_xbm(stream);
1448 			break;
1449 		case IMAGE_FILETYPE_ICO:
1450 			result = php_handle_ico(stream);
1451 			break;
1452 		case IMAGE_FILETYPE_WEBP:
1453 			result = php_handle_webp(stream);
1454 			break;
1455 		default:
1456 		case IMAGE_FILETYPE_UNKNOWN:
1457 			break;
1458 	}
1459 
1460 	if (result) {
1461 		char temp[MAX_LENGTH_OF_LONG * 2 + sizeof("width=\"\" height=\"\"")];
1462 		array_init(return_value);
1463 		add_index_long(return_value, 0, result->width);
1464 		add_index_long(return_value, 1, result->height);
1465 		add_index_long(return_value, 2, itype);
1466 		snprintf(temp, sizeof(temp), "width=\"%d\" height=\"%d\"", result->width, result->height);
1467 		add_index_string(return_value, 3, temp);
1468 
1469 		if (result->bits != 0) {
1470 			add_assoc_long(return_value, "bits", result->bits);
1471 		}
1472 		if (result->channels != 0) {
1473 			add_assoc_long(return_value, "channels", result->channels);
1474 		}
1475 		add_assoc_string(return_value, "mime", (char*)php_image_type_to_mime_type(itype));
1476 		efree(result);
1477 	} else {
1478 		RETURN_FALSE;
1479 	}
1480 }
1481 /* }}} */
1482 
1483 #define FROM_DATA 0
1484 #define FROM_PATH 1
1485 
php_getimagesize_from_any(INTERNAL_FUNCTION_PARAMETERS, int mode)1486 static void php_getimagesize_from_any(INTERNAL_FUNCTION_PARAMETERS, int mode) {  /* {{{ */
1487 	zval *info = NULL;
1488 	php_stream *stream = NULL;
1489 	char *input;
1490 	size_t input_len;
1491 	const int argc = ZEND_NUM_ARGS();
1492 
1493 	ZEND_PARSE_PARAMETERS_START(1, 2)
1494 		Z_PARAM_STRING(input, input_len)
1495 		Z_PARAM_OPTIONAL
1496 		Z_PARAM_ZVAL(info)
1497 	ZEND_PARSE_PARAMETERS_END();
1498 
1499 	if (mode == FROM_PATH && CHECK_NULL_PATH(input, input_len)) {
1500 		php_error_docref(NULL, E_WARNING, "Invalid path");
1501 		return;
1502 	}
1503 
1504 	if (argc == 2) {
1505 		info = zend_try_array_init(info);
1506 		if (!info) {
1507 			return;
1508 		}
1509 	}
1510 
1511 	if (mode == FROM_PATH) {
1512 		stream = php_stream_open_wrapper(input, "rb", STREAM_MUST_SEEK|REPORT_ERRORS|IGNORE_PATH, NULL);
1513 	} else {
1514 		stream = php_stream_memory_open(TEMP_STREAM_READONLY, input, input_len);
1515 	}
1516 
1517 	if (!stream) {
1518 		   RETURN_FALSE;
1519 	}
1520 
1521 	php_getimagesize_from_stream(stream, info, INTERNAL_FUNCTION_PARAM_PASSTHRU);
1522 	php_stream_close(stream);
1523 }
1524 /* }}} */
1525 
1526 /* {{{ proto array getimagesize(string imagefile [, array info])
1527    Get the size of an image as 4-element array */
PHP_FUNCTIONnull1528 PHP_FUNCTION(getimagesize)
1529 {
1530 	php_getimagesize_from_any(INTERNAL_FUNCTION_PARAM_PASSTHRU, FROM_PATH);
1531 }
1532 /* }}} */
1533 
1534 /* {{{ proto array getimagesizefromstring(string data [, array info])
1535    Get the size of an image as 4-element array */
PHP_FUNCTIONnull1536 PHP_FUNCTION(getimagesizefromstring)
1537 {
1538 	php_getimagesize_from_any(INTERNAL_FUNCTION_PARAM_PASSTHRU, FROM_DATA);
1539 }
1540 /* }}} */
1541