From dd1da90d4d82233dae8d43291eb4bd83a86dbc5d Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff@users.mediawiki.org>
Date: Tue, 11 Oct 2011 14:05:23 +0000
Subject: [PATCH] (bug 31588, sort of) Jpeg metadata code wasn't handling
 padding bytes properly.

Per the spec, segments can have arbitrary runs of 0xFF's between segments that should be skipped.
---
 includes/media/JpegMetadataExtractor.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/includes/media/JpegMetadataExtractor.php b/includes/media/JpegMetadataExtractor.php
index 51b0ffa9d3..ae3ca8ed61 100644
--- a/includes/media/JpegMetadataExtractor.php
+++ b/includes/media/JpegMetadataExtractor.php
@@ -58,7 +58,7 @@ class JpegMetadataExtractor {
 				throw new MWException( 'Too many jpeg segments. Aborting' );
 			}
 			if ( $buffer !== "\xFF" ) {
-				throw new MWException( "Error reading jpeg file marker" );
+				throw new MWException( "Error reading jpeg file marker. Expected 0xFF but got " . bin2hex( $buffer ) );
 			}
 
 			$buffer = fread( $fh, 1 );
@@ -123,6 +123,9 @@ class JpegMetadataExtractor {
 			} elseif ( $buffer === "\xD9" || $buffer === "\xDA" ) {
 				// EOI - end of image or SOS - start of scan. either way we're past any interesting segments
 				return $segments;
+			} elseif ( $buffer === "\xFF" ) {
+				// Padding byte. Skip.
+				continue;
 			} else {
 				// segment we don't care about, so skip
 				$size = unpack( "nint", fread( $fh, 2 ) );
-- 
2.20.1