Fix #71848: getimagesize with $imageinfo returns false

Some JFIF images contain empty APP segments, i.e. those which consist
only of the marker bytes and the length, but without actual content.
It appears to be doubtful to have empty APP segments, but we should
apply the robustness principle, and accept these, instead of simply
failing in this case.

We choose to add empty APP segments to $imageinfo with an empty string
as value, instead of NULL, or even to omit these segments altogether.

This patch also fixes the potential issue that php_stream_read() might
not read the supposed number of bytes, which could result in garbage to
be added to the read value.

NEWS

@@ -32,6 +32,7 @@ PHP                                                                        NEWS
 - Standard:
   . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
     (Laruence)
+  . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
 
 22 Jun 2019, PHP 7.1.19
 

ext/standard/image.c

@@ -453,7 +453,7 @@ static int php_read_APP(php_stream * stream, unsigned int marker, zval *info)
 
 	buffer = emalloc(length);
 
-	if (php_stream_read(stream, buffer, (zend_long) length) <= 0) {
+	if (php_stream_read(stream, buffer, (zend_long) length) != length) {
 		efree(buffer);
 		return 0;
 	}

ext/standard/tests/image/bug71848.phpt

@@ -0,0 +1,32 @@
+--TEST--
+Bug #71848 (getimagesize with $imageinfo returns false)
+--FILE--
+<?php
+var_dump(getimagesize(__DIR__ . '/bug71848.jpg', $info));
+var_dump(array_keys($info));
+?>
+===DONE===
+--EXPECT--
+array(7) {
+  [0]=>
+  int(8)
+  [1]=>
+  int(8)
+  [2]=>
+  int(2)
+  [3]=>
+  string(20) "width="8" height="8""
+  ["bits"]=>
+  int(8)
+  ["channels"]=>
+  int(3)
+  ["mime"]=>
+  string(10) "image/jpeg"
+}
+array(2) {
+  [0]=>
+  string(4) "APP0"
+  [1]=>
+  string(4) "APP5"
+}
+===DONE===