php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68730 php_output_handler_start return value not checked in ext/tidy
Submitted: 2015-01-03 01:54 UTC Modified: 2021-11-11 11:51 UTC
From: honey at internot dot info Assigned: cmb (profile)
Status: Not a bug Package: Tidy (PECL)
PHP Version: * OS: *
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
13 + 11 = ?
Subscribe to this entry?

 
 [2015-01-03 01:54 UTC] honey at internot dot info
Description:
------------
Hi,

In /ext/tidy/tidy.c:

1134                php_output_handler_start(h);

the return value is not checked, like it is everywhere else it is called

main/output.c-467-      php_output_handler_set_context(handler, output_handler, NULL);
main/output.c:468:      if (SUCCESS == php_output_handler_start(handler)) {
main/output.c-469-              return SUCCESS;
main/output.c-470-      }



ext/zlib/zlib.c:306:                                    (SUCCESS == php_output_handler_start(h))) {


etc.(rest of them are the same as output.c)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-10-24 02:48 UTC] kalle@php.net
-Summary: missing check in place +Summary: php_output_handler_start return value not checked in ext/tidy -Status: Open +Status: Verified -Operating System: Linux Ubuntu 14.04 +Operating System: * -PHP Version: master-Git-2015-01-03 (Git) +PHP Version: *
 [2021-11-11 11:51 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2021-11-11 11:51 UTC] cmb@php.net
> the return value is not checked, like it is everywhere else it
> is called

This argument is moot; compare with the usage in
php_zlib_output_compression_start() for instance.  The value is
checked, because following code shouldn't be executed on failure.
However, potential failure is not propagated to RINIT, because
that would cause the request to fail.  The same holds for
php_tidy_clean_output_start().
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Jan 27 12:03:34 2022 UTC