summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnatol Belski <ab@php.net>2017-04-22 21:58:10 +0200
committerAnatol Belski <ab@php.net>2017-04-22 21:58:10 +0200
commit91cb9a6ad1d1671ab737229975a2478e968def03 (patch)
tree3674cf9102fa053d3a9ba7dc4cfa804d5fcbf11d
parent000fe3aacce427eba082f12610b3b50f025b5e6a (diff)
parent793a8bd886bc0cb7754b0d824406b538b4069fc3 (diff)
downloadphp-git-91cb9a6ad1d1671ab737229975a2478e968def03.tar.gz
Merge branch 'PHP-7.0' into PHP-7.1
* PHP-7.0: #74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c
-rw-r--r--main/streams/memory.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/main/streams/memory.c b/main/streams/memory.c
index b1483e0786..39578dcffa 100644
--- a/main/streams/memory.c
+++ b/main/streams/memory.c
@@ -501,9 +501,14 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret)
return FAILURE;
}
+ file = php_stream_fopen_tmpfile();
+ if (file == NULL) {
+ php_error_docref(NULL, E_WARNING, "Unable to create temporary file.");
+ return FAILURE;
+ }
+
/* perform the conversion and then pass the request on to the innerstream */
membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize);
- file = php_stream_fopen_tmpfile();
php_stream_write(file, membuf, memsize);
pos = php_stream_tell(ts->innerstream);