perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

PngExifReader.php: add maximum chunk limit

Browse source
This commit is contained in:
Zankaria 2025-03-23 21:59:47 +01:00
parent 7d8374a45d
commit 83bf65e9be
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
inc/Data/Driver/Metadata/PngExifReader.php
View file

@ -4,7 +4,8 @@ namespace Vichan\Data\Driver\Metadata;
class PngExifReader implements ExifReader {
// Chunks larger than this will be ignored.
private const MAX_CHUNK_SIZE = 1048576; // 1 MB
private const MAX_CHUNK_SIZE = 1048576; // 1 MB.
private const MAX_CHUNK_COUNT = 32; // 1 MB
private const ORIENTATION_TAG_ID = 0x0112;
// Exif data type identifier.
private const TYPE_SHORT = 0x3;
@ -111,7 +112,7 @@ class PngExifReader implements ExifReader {
// Loop through the PNG's chunks. Byte 0-3 is length, Byte 4-7 is type.
$chunkHeader = \fread($fd, 8);
while ($chunkHeader) {
for ($i = 0; $chunkHeader && $i < self::MAX_CHUNK_COUNT; $i++) {
// Extract length and type from binary data.
$chunk = @\unpack('Nsize/a4type', $chunkHeader);