MFH: Fixed bug #30658 (Ensure that temporary files created by GD are removed).

diff --git a/NEWS b/NEWS
index c52eaf4ce9a60af7e91af6ce03d7ad16e5d10d30..7be83609a70ed02012ce8b3ff8a71799677df23c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP 4                                                                      NEWS
 - Fixed a bug in addslashes() handling of the '\0' character. (Ilia)
 - Backported Marcus' foreach() speedup patch from PHP 5.x. (Derick)
 - Fixed potential problems with unserializing invalid serialize data. (Marcus)
+- Fixed bug #30658 (Ensure that temporary files created by GD are removed).
+  (Ilia)
 - Fixed bug #30613 (Prevent infinite recursion in url redirection). (Ilia)
 - Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia)
 - Fixed bug #30442 (segfault when parsing ?getvariable[][ ). (Tony)

diff --git a/ext/gd/gd.c b/ext/gd/gd.c
index 803c0124d55f680859961457cca0687154f13655..efe7eee8434543a31938687161a5866a0cc5f4bd 100644 (file)
--- a/ext/gd/gd.c
+++ b/ext/gd/gd.c
@@ -1663,8 +1663,9 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
                int   b;
                FILE *tmp;
                char  buf[4096];
+               char *path;
 
-               tmp = php_open_temporary_file("", "", NULL TSRMLS_CC);
+               tmp = php_open_temporary_file("", "", &path TSRMLS_CC);
                if (tmp == NULL) {
                        php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unable to open temporary file");
                        RETURN_FALSE;
@@ -1717,7 +1718,8 @@ static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char
                }
 
                fclose(tmp);
-               /* the temporary file is automatically deleted */
+               VCWD_UNLINK((const char *)path); /* make sure that the temporary file is removed */
+               efree(path);
        }
        RETURN_TRUE;
 }