From c97d51fbf583e6c02298fa60e884eb673bc4019c Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Tue, 17 Nov 2020 14:42:22 +0100 Subject: [PATCH] Fix #80366: Return Value of zend_fstat() not Checked In the somewhat unlikely case that `zend_fstat()` fails, we must not proceed executing the function, but return `false` instead. Patch based on the patch contributed by sagpant at microsoft dot com. --- ext/standard/iptc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c index f3c17dadd9254..985d1416f565f 100644 --- a/ext/standard/iptc.c +++ b/ext/standard/iptc.c @@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed) } if (spool < 2) { - zend_fstat(fileno(fp), &sb); + if (zend_fstat(fileno(fp), &sb) != 0) { + RETURN_FALSE; + } spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0); poi = (unsigned char*)ZSTR_VAL(spoolbuf);