diff options
| author | Anton Serbulov <aserbulov@plesk.com> | 2017-04-14 15:26:13 +0700 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2017-04-22 21:56:37 +0200 |
| commit | 793a8bd886bc0cb7754b0d824406b538b4069fc3 (patch) | |
| tree | a638397392eb610af79d77aa272cfda065bc829f | |
| parent | 9b7f13cb1b750d2dcac441945ab7cc1600fc080b (diff) | |
| download | php-git-793a8bd886bc0cb7754b0d824406b538b4069fc3.tar.gz | |
#74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c
| -rw-r--r-- | main/streams/memory.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/main/streams/memory.c b/main/streams/memory.c index 6e3d1dd0c1..f4fd6a8f02 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -501,9 +501,14 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret) return FAILURE; } + file = php_stream_fopen_tmpfile(); + if (file == NULL) { + php_error_docref(NULL, E_WARNING, "Unable to create temporary file."); + return FAILURE; + } + /* perform the conversion and then pass the request on to the innerstream */ membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize); - file = php_stream_fopen_tmpfile(); php_stream_write(file, membuf, memsize); pos = php_stream_tell(ts->innerstream); |