Commit 6317a472f44 for php.net

commit 6317a472f4435af7e9869c9e594fa8680412430a
Author: Eyüp Can Akman <eyupcanakman@gmail.com>
Date:   Fri Jun 26 19:09:26 2026 +0300

    ext/exif: Fix GH-11020: spurious "Illegal IFD size" warning in exif_read_data()

    When an IFD is not followed by a 4-byte next-IFD offset, the EXIF block has no further IFD.
    Treat that as the end of the chain and return the parsed tags, instead of warning and discarding them.
    The bounds check from bug #72094 still applies, so the absent offset bytes are never read.

    Closes GH-22486

diff --git a/NEWS b/NEWS
index 012a28ffe6c..766daa2ee51 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,10 @@ PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 ?? ??? ????, PHP 8.4.24

+- Exif:
+  . Fixed bug GH-11020 (exif_read_data() emits a spurious "Illegal IFD size"
+    warning when an IFD is not followed by a next-IFD offset). (Eyüp Can Akman)
+
 - Hash:
   . Fixed bug GH-18173 (ext/hash relies on implementation-defined malloc
     alignment). (iliaal)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 58e6d280105..1b57377ffb8 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3642,8 +3642,14 @@ static bool exif_process_IFD_in_JPEG(image_info_type *ImageInfo, char *dir_start
 	 * There are 2 IDFs, the second one holds the keys (0x0201 and 0x0202) to the thumbnail
 	 */
 	if (!exif_offset_info_contains(info, dir_start+2+NumDirEntries*12, 4)) {
-		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size");
-		return false;
+		/*
+		 * A TIFF/EXIF IFD ends with a 4-byte offset to the next IFD (IFD1 here,
+		 * which links the thumbnail), or zero when there is none. Some files end
+		 * the EXIF segment right after the entries and omit those 4 bytes. A
+		 * missing offset is valid and just means there is no next IFD, so stop
+		 * here instead of reporting the size as illegal.
+		 */
+		return true;
 	}

 	if (tag != TAG_EXIF_IFD_POINTER && tag != TAG_GPS_IFD_POINTER) {
diff --git a/ext/exif/tests/bug72094.phpt b/ext/exif/tests/bug72094.phpt
index c13a85f93f0..8fb3fa97c83 100644
--- a/ext/exif/tests/bug72094.phpt
+++ b/ext/exif/tests/bug72094.phpt
@@ -47,8 +47,6 @@

 Warning: exif_read_data(bug72094_3.jpg): Process tag(x3030=UndefinedTag): Illegal format code 0x3030, suppose BYTE in %s%ebug72094.php on line %d

-Warning: exif_read_data(bug72094_3.jpg): Illegal IFD size in %s%ebug72094.php on line %d
-
 Warning: exif_read_data(bug72094_3.jpg): File structure corrupted in %s%ebug72094.php on line %d

 Warning: exif_read_data(bug72094_3.jpg): Invalid JPEG file in %s%ebug72094.php on line %d
diff --git a/ext/exif/tests/gh11020.jpg b/ext/exif/tests/gh11020.jpg
new file mode 100644
index 00000000000..1f978a75761
Binary files /dev/null and b/ext/exif/tests/gh11020.jpg differ
diff --git a/ext/exif/tests/gh11020.phpt b/ext/exif/tests/gh11020.phpt
new file mode 100644
index 00000000000..0c88605749b
--- /dev/null
+++ b/ext/exif/tests/gh11020.phpt
@@ -0,0 +1,12 @@
+--TEST--
+GH-11020 (exif_read_data() emits a spurious "Illegal IFD size" warning when an IFD is not followed by a next-IFD offset)
+--EXTENSIONS--
+exif
+--FILE--
+<?php
+$data = exif_read_data(__DIR__ . '/gh11020.jpg');
+var_dump(is_array($data), $data['Orientation']);
+?>
+--EXPECT--
+bool(true)
+int(1)