PHP :: Bug #80366 :: Potential issue in ext/standard/iptc.c: Return Value Not Checked

Bug #80366	Potential issue in ext/standard/iptc.c: Return Value Not Checked
Submitted:	2020-11-13 19:12 UTC	Modified:	2020-11-17 13:48 UTC
From:	sagpant at microsoft dot com	Assigned:	cmb (profile)
Status:	Closed	Package:	GetImageSize related
PHP Version:	7.4.12	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sagpant at microsoft dot com
New email:
PHP Version:		OS:

New Comment:

[2020-11-13 19:12 UTC] sagpant at microsoft dot com

Description:
------------
In this codebase, you often check the return value of the implicated function when calling it, but at this instance, it appears that you didn’t. Using a consistent return value checking and/or error handling approach can improve code robustness and readability.

File: PHP-7.4.12/ext/standard/iptc.c
Line Number: 220
Function: zend_fstat

Correct reference usage found in main/streams/plain_wrapper.c line: 160

Test script:
---------------
Analyzer points out inconsistencies in the code.

Patches

iptc_fix.patch (last revision 2020-11-13 19:32 UTC by sagpant at microsoft dot com)
iptc.patch (last revision 2020-11-13 19:12 UTC by sagpant at microsoft dot com)

Pull Requests

Pull requests:

Fix #80366: Return Value of zend_fstat() not Checked (php-src/6432)

History

AllCommentsChangesGit/SVN commitsRelated reports

[2020-11-13 19:23 UTC] levim@php.net

Nits on the patch:

I prefer `== 0` over `!= 1`.
The nested if is unnecessary; combine it with the surrounding if.

[2020-11-13 19:32 UTC] sagpant at microsoft dot com

The following patch has been added/updated:

Patch Name: iptc_fix.patch
Revision:   1605295925
URL:        https://bugs.php.net/patch-display.php?bug=80366&patch=iptc_fix.patch&revision=1605295925

[2020-11-17 13:48 UTC] cmb@php.net

-Status: Open +Status: Verified -Package: *General Issues +Package: GetImageSize related -Assigned To: +Assigned To: cmb

[2020-11-17 13:48 UTC] cmb@php.net

Thanks for reporting this issue and providing a patch.  I think we
have to bail out of the function if this zend_fstat() call fails,
though.

[2020-11-17 13:49 UTC] cmb@php.net

The following pull request has been associated:

Patch Name: Fix #80366: Return Value of zend_fstat() not Checked
On GitHub:  https://github.com/php/php-src/pull/6432
Patch:      https://github.com/php/php-src/pull/6432.patch

[2020-11-24 12:11 UTC] cmb@php.net

Automatic comment on behalf of cmbecker69@gmx.de
Revision: http://git.php.net/?p=php-src.git;a=commit;h=5f9c82d514980f96e5e88f6c2633571ce31b57a7
Log: Fix #80366: Return Value of zend_fstat() not Checked

[2020-11-24 12:11 UTC] cmb@php.net

-Status: Verified +Status: Closed

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Oct 27 16:01:27 2024 UTC