php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80366 Potential issue in ext/standard/iptc.c: Return Value Not Checked
Submitted: 2020-11-13 19:12 UTC Modified: 2020-11-17 13:48 UTC
From: sagpant at microsoft dot com Assigned: cmb (profile)
Status: Closed Package: GetImageSize related
PHP Version: 7.4.12 OS:
Private report: No CVE-ID: None
 [2020-11-13 19:12 UTC] sagpant at microsoft dot com
Description:
------------
In this codebase, you often check the return value of the implicated function when calling it, but at this instance, it appears that you didn’t. Using a consistent return value checking and/or error handling approach can improve code robustness and readability.

File: PHP-7.4.12/ext/standard/iptc.c
Line Number: 220
Function: zend_fstat

Correct reference usage found in main/streams/plain_wrapper.c line: 160

Test script:
---------------
Analyzer points out inconsistencies in the code.


Patches

iptc_fix.patch (last revision 2020-11-13 19:32 UTC by sagpant at microsoft dot com)
iptc.patch (last revision 2020-11-13 19:12 UTC by sagpant at microsoft dot com)

Pull Requests

Pull requests:

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-13 19:23 UTC] levim@php.net
Nits on the patch:

I prefer `== 0` over `!= 1`.
The nested if is unnecessary; combine it with the surrounding if.
 [2020-11-13 19:32 UTC] sagpant at microsoft dot com
The following patch has been added/updated:

Patch Name: iptc_fix.patch
Revision:   1605295925
URL:        https://bugs.php.net/patch-display.php?bug=80366&patch=iptc_fix.patch&revision=1605295925
 [2020-11-17 13:48 UTC] cmb@php.net
-Status: Open +Status: Verified -Package: *General Issues +Package: GetImageSize related -Assigned To: +Assigned To: cmb
 [2020-11-17 13:48 UTC] cmb@php.net
Thanks for reporting this issue and providing a patch.  I think we
have to bail out of the function if this zend_fstat() call fails,
though.
 [2020-11-17 13:49 UTC] cmb@php.net
The following pull request has been associated:

Patch Name: Fix #80366: Return Value of zend_fstat() not Checked
On GitHub:  https://github.com/php/php-src/pull/6432
Patch:      https://github.com/php/php-src/pull/6432.patch
 [2020-11-24 12:11 UTC] cmb@php.net
Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f9c82d514980f96e5e88f6c2633571ce31b57a7
Log: Fix #80366: Return Value of zend_fstat() not Checked
 [2020-11-24 12:11 UTC] cmb@php.net
-Status: Verified +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC