imagecreatefromjpeg failure

[phppup]

After working with the sample imagecreatefromjpeg provided in the PHP manual, I successfully got a result (after clearing my cache) from

Quote

imagecreatefromjpeg($im, $file);

I've gotten a good education after navigating this function over the past week, and loaded it with ECHO messages to give me insight.

Everything was going fine.

And then, this ONE test image came along.

Apparently, the image (which is as good aj peg as I can find) FAILS the if(!im) test.

When I used echo $im;  

i discovered that when images pass through the function, they receive a "Resource" name.

Images that FAIL are NOT named.

This image gets a Resource name, yet FAILS. Is there a problem with my logic? A problem with the image? What would cause this? How can I verify?

[requinix]

Post code and error messages.

[Barand]

You can't just echo $im to view the image, you need to send a type header then output it with imagejpeg()

$im = imagecreatefromjpeg('my_image.jpg');

// output the image
header("Content-type: image/jpeg");
imagejpeg($im);

 

[phppup]

Quote

    $im = @imagecreatefromjpeg($file);

if($im == "")  {

echo "1";} else { echo "00"; }
   }

    //See if it failed
    if(!$im)  {
     echo "running";

 //Unaltered manipulation code from https://www.php.net/manual/en/function.imagecreatefromjpeg.php

    }

    ////return $im;

//displays RESOURCE ID
echo "<br> im is ". $im;
echo "<br>";

header('Content-Type: image/jpeg');

//imagejpeg($img);

imagejpeg($im, $file);

echo "<img src='".$file."'> ;

 

My messages that seem in conflict with the result are

Quote

1runningi

im is Resource id #19

Is there a way to validate WHY this result was given by the function?

Edited March 28 by phppup

[requinix]

1. Don't use @.
2. $im will never be a string. It does not make sense to compare it to a string. Don't do that either.

Read the documentation to find out exactly what imagecreatefromjpeg does.

[phppup]

For 1 - okay. How can I force an error message just to see how it appears?

For 2 - ok, but why does 

echo $im; 

Give me the string beginning with Resource? (I honestly wasn't expecting that result).

How can I go deeper to determine WHY a (perfectly good) image failed?

[requinix]

49 minutes ago, phppup said:

For 1 - okay. How can I force an error message just to see how it appears?

Make $file be a non-JPEG image.

 

49 minutes ago, phppup said:

For 2 - ok, but why does 

echo $im; 

Give me the string beginning with Resource? (I honestly wasn't expecting that result).

Because $im is a resource and if you want to echo it out then PHP needs to do something.

 

49 minutes ago, phppup said:

How can I go deeper to determine WHY a (perfectly good) image failed?

Remove the @ and look for error messages.

[phppup]

I've cleaned up a few things, but this error message remains:

Warning:....failed to open stream: No such file or directory in...

I am simultaneously uploading three jpeg files from the same folder during my development / testing and this is the ONLY image that is being rejected.

Reason? Explanation? Solution?

Thanks.

[requinix]

8 hours ago, phppup said:

Reason? Explanation? Solution?

The reason would be that there is no such file or directory. The explanation would be somewhere in your code. The solution is

[phppup]

How is that possible if the other two test files originate from the same folder? Clearly it (and the path) exists.

How can I drill down for a deeper explanation?

 

Also, I've realized that some images do not refresh unless browser history / cache is cleared.

Research send to point to using no-cache headers or a flush directive. What is the best/suggested method?

[kicken]

On 3/29/2021 at 7:28 AM, phppup said:

I am simultaneously uploading three jpeg files

Do you mean uploading via PHP?  Have to properly verified that the upload was successful?  Maybe the upload is failing for that one file (too large?) and so you end up with $file referencing something that doesn't exist.

[Barand]

Are you sure it really is a jpeg file? You cannot rely on the file extension.

Use getimagesize() to check actual type.

[Barand]

Evidently not good enough, the correct syntax is

$im = imagecreatefromjpeg($file);

 

[phppup]

I've got this working thanks to everybody that's assisted.

Now I've got a more academic question: what exactly is

$im = imagecreatefromjpeg($file); 

doing when it runs?

More directly, suppose a malicious actor places evil code into a jpeg file that passes thru this function.

Quote

$im = imagecreatefromjpeg($file); 

if(!$im)
    {

echo "image failed";

} else { 

echo "file is good";  }

Will the file always fail?

Or is it more prudent to continue with:

$file = $im; //overwrite with $im

Because $im will somehow be 'cleansed' of the evil code that had been inserted.

Is continuing with $file safe if it passed this examination?

I'm trying to understand the inner workings, especially since I'm using this more as a security measures than a file reproduction method.

[Barand]

I can't see your code ...

$file = $im; 

... helping much. If you want to write the GD image in memory (that was created by imagecreatefromjpeg()) back to the file in jpeg format, then use

imagejpeg($im, $file);

I do not know if this sequence has any cleansing effect though.

[phppup]

I guess it depends on what is being examined (and retained) by imagecreatefromjpeg().

Surely it's examining more than just the file extension to determine whether true or false.

And if an image does PASS (as true) but contains malicious code, is it nullified?

Suppose I take a 10 kb jpeg and incorporate 1 MB of evil scripting. The uploaded file is now the size of that sum, right?

What size will it be after running through imagecreatefromjpeg? 

Does the process evaluate the file and eliminate/erase/void pieces that are not color/image related??

(Maybe I should learn to hack so I can test it myself, LoL)

 

Edited April 15 by phppup
Typos

[gizmola]

Imagecreatefromjpeg is part of the GD library.  You can examine the source code by looking at the underlying libgd code.