|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80366 Potential issue in ext/standard/iptc.c: Return Value Not Checked
Submitted: 2020-11-13 19:12 UTC Modified: 2020-11-17 13:48 UTC
From: sagpant at microsoft dot com Assigned: cmb (profile)
Status: Closed Package: GetImageSize related
PHP Version: 7.4.12 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
19 - 13 = ?
Subscribe to this entry?

 [2020-11-13 19:12 UTC] sagpant at microsoft dot com
In this codebase, you often check the return value of the implicated function when calling it, but at this instance, it appears that you didn’t. Using a consistent return value checking and/or error handling approach can improve code robustness and readability.

File: PHP-7.4.12/ext/standard/iptc.c
Line Number: 220
Function: zend_fstat

Correct reference usage found in main/streams/plain_wrapper.c line: 160

Test script:
Analyzer points out inconsistencies in the code.


iptc_fix.patch (last revision 2020-11-13 19:32 UTC by sagpant at microsoft dot com)
iptc.patch (last revision 2020-11-13 19:12 UTC by sagpant at microsoft dot com)

Add a Patch

Pull Requests

Pull requests:

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2020-11-13 19:23 UTC]
Nits on the patch:

I prefer `== 0` over `!= 1`.
The nested if is unnecessary; combine it with the surrounding if.
 [2020-11-13 19:32 UTC] sagpant at microsoft dot com
The following patch has been added/updated:

Patch Name: iptc_fix.patch
Revision:   1605295925
 [2020-11-17 13:48 UTC]
-Status: Open +Status: Verified -Package: *General Issues +Package: GetImageSize related -Assigned To: +Assigned To: cmb
 [2020-11-17 13:48 UTC]
Thanks for reporting this issue and providing a patch.  I think we
have to bail out of the function if this zend_fstat() call fails,
 [2020-11-17 13:49 UTC]
The following pull request has been associated:

Patch Name: Fix #80366: Return Value of zend_fstat() not Checked
On GitHub:
 [2020-11-24 12:11 UTC]
Automatic comment on behalf of
Log: Fix #80366: Return Value of zend_fstat() not Checked
 [2020-11-24 12:11 UTC]
-Status: Verified +Status: Closed
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Jul 20 19:01:29 2024 UTC