|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70862 Several functions do not check return code of php_stream_copy_to_mem()
Submitted: 2015-11-05 15:20 UTC Modified: 2015-11-05 21:51 UTC
From: fabian at tag1consulting dot com Assigned: ab (profile)
Status: Closed Package: Streams related
PHP Version: 7.0Git-2015-11-05 (Git) OS: Linux / Ubuntu
Private report: No CVE-ID: None
 [2015-11-05 15:20 UTC] fabian at tag1consulting dot com
Follow-up to which had the same problem.


all have code similar to:

  ZVAL_STR(parameter, php_stream_copy_to_mem(stm, PHP_STREAM_COPY_ALL, 0));

in various variations.

However php_stream_copy_to_mem() can return NULL, which will make this code fail under certain circumstances.

./ext/pdo/pdo_stmt.c has probably the best code for the problem to solve in a generic way:

                                        buf = php_stream_copy_to_mem((php_stream*)value, PHP_STREAM_COPY_ALL, 0);
                                        if (buf == NULL) {
                                        } else {
                                                ZVAL_STR(dest, buf);

and this likely should be made into a macro:

ZVAL_STR_OR_EMPTY(dest, buf, stream);

Expected result:
All functions should check the return value of php_stream_copy_to_mem()

Actual result:
Some function do not yet check the return value. This could lead to bugs.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2015-11-05 15:30 UTC]
-Assigned To: +Assigned To: ab
 [2015-11-05 21:50 UTC]
-Status: Assigned +Status: Closed
 [2015-11-05 21:51 UTC]
All the vulnerable places are covered now, multiple revisions :)
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Sep 25 06:01:25 2023 UTC