php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68730 php_output_handler_start return value not checked in ext/tidy
Submitted: 2015-01-03 01:54 UTC Modified: 2021-11-11 11:51 UTC
From: honey at internot dot info Assigned: cmb (profile)
Status: Not a bug Package: Tidy (PECL)
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: honey at internot dot info
New email:
PHP Version: OS:

 

 [2015-01-03 01:54 UTC] honey at internot dot info 
Description:
------------
Hi,

In /ext/tidy/tidy.c:

1134                php_output_handler_start(h);

the return value is not checked, like it is everywhere else it is called

main/output.c-467-      php_output_handler_set_context(handler, output_handler, NULL);
main/output.c:468:      if (SUCCESS == php_output_handler_start(handler)) {
main/output.c-469-              return SUCCESS;
main/output.c-470-      }



ext/zlib/zlib.c:306:                                    (SUCCESS == php_output_handler_start(h))) {


etc.(rest of them are the same as output.c)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-24 02:48 UTC] kalle@php.net
-Summary: missing check in place +Summary: php_output_handler_start return value not checked in ext/tidy -Status: Open +Status: Verified -Operating System: Linux Ubuntu 14.04 +Operating System: * -PHP Version: master-Git-2015-01-03 (Git) +PHP Version: *
 [2021-11-11 11:51 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-11-11 11:51 UTC] cmb@php.net 
> the return value is not checked, like it is everywhere else it
> is called

This argument is moot; compare with the usage in
php_zlib_output_compression_start() for instance.  The value is
checked, because following code shouldn't be executed on failure.
However, potential failure is not propagated to RINIT, because
that would cause the request to fail.  The same holds for
php_tidy_clean_output_start().
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 26 01:01:30 2024 UTC