From: Brian Wolff <bawolff@users.mediawiki.org>
Date: Tue, 11 Oct 2011 14:05:23 +0000 (+0000)
Subject: (bug 31588, sort of) Jpeg metadata code wasn't handling padding bytes properly.
X-Git-Tag: 1.31.0-rc.0~27147
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/categories/modifier.php?a=commitdiff_plain;h=dd1da90d4d82233dae8d43291eb4bd83a86dbc5d;p=lhc%2Fweb%2Fwiklou.git

(bug 31588, sort of) Jpeg metadata code wasn't handling padding bytes properly.

Per the spec, segments can have arbitrary runs of 0xFF's between segments that should be skipped.
---

diff --git a/includes/media/JpegMetadataExtractor.php b/includes/media/JpegMetadataExtractor.php
index 51b0ffa9d3..ae3ca8ed61 100644
--- a/includes/media/JpegMetadataExtractor.php
+++ b/includes/media/JpegMetadataExtractor.php
@@ -58,7 +58,7 @@ class JpegMetadataExtractor {
 				throw new MWException( 'Too many jpeg segments. Aborting' );
 			}
 			if ( $buffer !== "\xFF" ) {
-				throw new MWException( "Error reading jpeg file marker" );
+				throw new MWException( "Error reading jpeg file marker. Expected 0xFF but got " . bin2hex( $buffer ) );
 			}
 
 			$buffer = fread( $fh, 1 );
@@ -123,6 +123,9 @@ class JpegMetadataExtractor {
 			} elseif ( $buffer === "\xD9" || $buffer === "\xDA" ) {
 				// EOI - end of image or SOS - start of scan. either way we're past any interesting segments
 				return $segments;
+			} elseif ( $buffer === "\xFF" ) {
+				// Padding byte. Skip.
+				continue;
 			} else {
 				// segment we don't care about, so skip
 				$size = unpack( "nint", fread( $fh, 2 ) );