#74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c

author Anton Serbulov <aserbulov@plesk.com>

Fri, 14 Apr 2017 08:26:13 +0000 (15:26 +0700)

committer Anatol Belski <ab@php.net>

Sat, 22 Apr 2017 19:56:37 +0000 (21:56 +0200)
author Anton Serbulov <aserbulov@plesk.com>
Fri, 14 Apr 2017 08:26:13 +0000 (15:26 +0700)
committer Anatol Belski <ab@php.net>
Sat, 22 Apr 2017 19:56:37 +0000 (21:56 +0200)
diff --git a/main/streams/memory.c b/main/streams/memory.c

index 6e3d1dd0c1e22b0ea21a00a416fcfc97fd213083..f4fd6a8f02912775879b5bab6653860b32be3d33 100644 (file)
--- a/main/streams/memory.c
+++ b/main/streams/memory.c
@@ -501,9 +501,14 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret)
                 return FAILURE;
         }
  
+       file = php_stream_fopen_tmpfile();
+       if (file == NULL) {
+               php_error_docref(NULL, E_WARNING, "Unable to create temporary file.");
+               return FAILURE;
+       }
+
         /* perform the conversion and then pass the request on to the innerstream */
         membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize);
-       file = php_stream_fopen_tmpfile();
         php_stream_write(file, membuf, memsize);
         pos = php_stream_tell(ts->innerstream);
author	Anton Serbulov <aserbulov@plesk.com>
	Fri, 14 Apr 2017 08:26:13 +0000 (15:26 +0700)
committer	Anatol Belski <ab@php.net>
	Sat, 22 Apr 2017 19:56:37 +0000 (21:56 +0200)