php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68730 php_output_handler_start return value not checked in ext/tidy
Submitted: 2015-01-03 01:54 UTC Modified: 2021-11-11 11:51 UTC
From: honey at internot dot info Assigned: cmb (profile)
Status: Not a bug Package: Tidy (PECL)
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: honey at internot dot info
New email:
PHP Version: OS:

 

 [2015-01-03 01:54 UTC] honey at internot dot info
Description:
------------
Hi,

In /ext/tidy/tidy.c:

1134                php_output_handler_start(h);

the return value is not checked, like it is everywhere else it is called

main/output.c-467-      php_output_handler_set_context(handler, output_handler, NULL);
main/output.c:468:      if (SUCCESS == php_output_handler_start(handler)) {
main/output.c-469-              return SUCCESS;
main/output.c-470-      }



ext/zlib/zlib.c:306:                                    (SUCCESS == php_output_handler_start(h))) {


etc.(rest of them are the same as output.c)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-24 02:48 UTC] kalle@php.net
-Summary: missing check in place +Summary: php_output_handler_start return value not checked in ext/tidy -Status: Open +Status: Verified -Operating System: Linux Ubuntu 14.04 +Operating System: * -PHP Version: master-Git-2015-01-03 (Git) +PHP Version: *
 [2021-11-11 11:51 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-11-11 11:51 UTC] cmb@php.net
> the return value is not checked, like it is everywhere else it
> is called

This argument is moot; compare with the usage in
php_zlib_output_compression_start() for instance.  The value is
checked, because following code shouldn't be executed on failure.
However, potential failure is not propagated to RINIT, because
that would cause the request to fail.  The same holds for
php_tidy_clean_output_start().
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Nov 27 06:03:14 2021 UTC