Fix #80366: Return Value of zend_fstat() not Checked

In the somewhat unlikely case that `zend_fstat()` fails, we must not
proceed executing the function, but return `false` instead.

Patch based on the patch contributed by sagpant at microsoft dot com.

Closes GH-6432.

diff --git a/NEWS b/NEWS
index 9b701be3faa122fb0703e0501a4c75743b6e04b3..5661ce119d3a50ee6521829645aee564457f52eb 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fixed bug #80362 (Running dtrace scripts can cause php to crash).
     (al at coralnet dot name)
 
+- Standard:
+  . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
+
 - Tidy:
   . Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)
 

diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
index f3c17dadd92546f54bdad66d1eaa0d5b7bf50026..985d1416f565fac66be56fb9165ce769eb4678e4 100644 (file)
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed)
        }
 
        if (spool < 2) {
-               zend_fstat(fileno(fp), &sb);
+               if (zend_fstat(fileno(fp), &sb) != 0) {
+                       RETURN_FALSE;
+               }
 
                spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0);
                poi = (unsigned char*)ZSTR_VAL(spoolbuf);