Bug #70862 Several functions do not check return code of php_stream_copy_to_mem()
Submitted: 2015-11-05 15:20 UTC Modified: 2015-11-05 21:51 UTC
From: fabian at tag1consulting dot com Assigned: ab (profile)
Status: Closed Package: Streams related
PHP Version: 7.0Git-2015-11-05 (Git) OS: Linux / Ubuntu
Private report: No CVE-ID: None
 [2015-11-05 15:20 UTC] fabian at tag1consulting dot com
Description:
------------
Follow-up to https://bugs.php.net/bug.php?id=70861 which had the same problem.

./ext/mbstring/mb_gpc.c
./ext/pdo_firebird/firebird_statement.c
./ext/pdo_mysql/mysql_statement.c
./ext/pdo_sqlite/sqlite_statement.c
./ext/sqlite3/sqlite3.c
./ext/standard/image.c

all have code similar to:

  ZVAL_STR(parameter, php_stream_copy_to_mem(stm, PHP_STREAM_COPY_ALL, 0));

in various variations.

However php_stream_copy_to_mem() can return NULL, which will make this code fail under certain circumstances.

./ext/pdo/pdo_stmt.c has probably the best code for the problem to solve in a generic way:

  buf = php_stream_copy_to_mem((php_stream*)value, PHP_STREAM_COPY_ALL, 0);
  if (buf == NULL) {
      ZVAL_EMPTY_STRING(dest);
  } else {
      ZVAL_STR(dest, buf);
  }

and this likely should be made into a macro:

ZVAL_STR_OR_EMPTY(dest, buf, stream);

Expected result:
----------------
All functions should check the return value of php_stream_copy_to_mem()

Actual result:
--------------
Some functions do not yet check the return value. This could lead to bugs.

History

 [2015-11-05 15:30 UTC] laruence@php.net
-Assigned To: +Assigned To: ab
 [2015-11-05 21:50 UTC] ab@php.net
-Status: Assigned +Status: Closed
 [2015-11-05 21:51 UTC] ab@php.net
All the vulnerable places are covered now, multiple revisions :)
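
The unchecked and checked patterns from the report, side by side, as an added stand-alone example that is not code from the PHP source tree or from the fix commits. `str_t`, `stream_t`, `val_t`, `copy_to_mem` and `VAL_STR_OR_EMPTY` are hypothetical stand-ins for `zend_string`, `php_stream`, `zval`, `php_stream_copy_to_mem()` and the proposed `ZVAL_STR_OR_EMPTY`; the model assumes the copy returns NULL when no bytes are available.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for zend_string, php_stream and zval; not PHP's real types. */
typedef struct { size_t len; char val[1]; } str_t;
typedef struct { const char *data; size_t len; } stream_t;
typedef struct { str_t *str; } val_t;
static str_t empty_str = { 0, "" };   /* shared empty string, never freed */

/* Model of the copy call. Assumption: NULL is returned when no bytes are
 * available or allocation fails, matching the report's "can return NULL". */
static str_t *copy_to_mem(const stream_t *s) {
    if (s == NULL || s->len == 0) return NULL;
    str_t *r = malloc(sizeof(*r) + s->len);
    if (r == NULL) return NULL;
    r->len = s->len;
    memcpy(r->val, s->data, s->len);
    r->val[s->len] = '\0';
    return r;
}

/* Unchecked pattern from the report: the result goes straight into the value. */
static void store_unchecked(val_t *dest, const stream_t *s) {
    dest->str = copy_to_mem(s);
}

/* Hypothetical macro in the shape the report proposes (ZVAL_STR_OR_EMPTY). */
#define VAL_STR_OR_EMPTY(dest, buf, stream) do {      \
        (buf) = copy_to_mem(stream);                  \
        (dest)->str = (buf) ? (buf) : &empty_str;     \
    } while (0)

static void store_checked(val_t *dest, const stream_t *s) {
    str_t *buf;
    VAL_STR_OR_EMPTY(dest, buf, s);
}

static void val_release(val_t *v) {
    if (v->str != NULL && v->str != &empty_str) free(v->str);
    v->str = NULL;
}

int main(void) {
    stream_t empty = { "", 0 };   /* constructed input: nothing to read */
    val_t a, b;
    store_unchecked(&a, &empty);  /* a.str is NULL: a later a.str->len would crash */
    store_checked(&b, &empty);    /* b.str is a valid zero-length string */
    printf("unchecked=%p checked_len=%zu\n", (void *)a.str, b.str->len);
    val_release(&a); val_release(&b);
    return 0;
}
```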