From: Christoph M. Becker <cmbecker69@gmx.de>
Date: Tue, 17 Nov 2020 13:42:22 +0000 (+0100)
Subject: Fix #80366: Return Value of zend_fstat() not Checked
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5f9c82d514980f96e5e88f6c2633571ce31b57a7;p=php

Fix #80366: Return Value of zend_fstat() not Checked

In the somewhat unlikely case that `zend_fstat()` fails, we must not
proceed executing the function, but return `false` instead.

Patch based on the patch contributed by sagpant at microsoft dot com.

Closes GH-6432.
---

diff --git a/NEWS b/NEWS
index 9b701be3fa..5661ce119d 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fixed bug #80362 (Running dtrace scripts can cause php to crash).
     (al at coralnet dot name)
 
+- Standard:
+  . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
+
 - Tidy:
   . Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)
 
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
index f3c17dadd9..985d1416f5 100644
--- a/ext/standard/iptc.c
+++ b/ext/standard/iptc.c
@@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed)
 	}
 
 	if (spool < 2) {
-		zend_fstat(fileno(fp), &sb);
+		if (zend_fstat(fileno(fp), &sb) != 0) {
+			RETURN_FALSE;
+		}
 
 		spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0);
 		poi = (unsigned char*)ZSTR_VAL(spoolbuf);