Skip to content

Commit

Permalink
Fix #80366: Return Value of zend_fstat() not Checked
Browse files Browse the repository at this point in the history 
In the somewhat unlikely case that `zend_fstat()` fails, we must not
proceed executing the function, but return `false` instead.

Patch based on the patch contributed by sagpant at microsoft dot com.

Closes GH-6432.
  • Loading branch information
@cmb69
cmb69 committed Nov 24, 2020
1 parent fa713ec commit 5f9c82d
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
3 changes: 3 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ PHP NEWS
. Fixed bug #80362 (Running dtrace scripts can cause php to crash).
(al at coralnet dot name)

- Standard:
. Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)

- Tidy:
. Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)

Expand Down
4 changes: 3 additions & 1 deletion ext/standard/iptc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed)
}

if (spool < 2) {
zend_fstat(fileno(fp), &sb);
if (zend_fstat(fileno(fp), &sb) != 0) {
RETURN_FALSE;
}

spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0);
poi = (unsigned char*)ZSTR_VAL(spoolbuf);
Expand Down

0 comments on commit 5f9c82d

Please sign in to comment.