diff options
| author | Anatol Belski <ab@php.net> | 2017-04-22 21:59:07 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2017-04-22 21:59:07 +0200 |
| commit | bbe2a13395535cd6ec230001419b9a5855d9a31f (patch) | |
| tree | c1ee88eef0c4ea5f22a541a6d03c3d65e91b4b75 | |
| parent | 8db4bfedd4fcba74f559f77e3165d02988aa9347 (diff) | |
| parent | 91cb9a6ad1d1671ab737229975a2478e968def03 (diff) | |
| download | php-git-bbe2a13395535cd6ec230001419b9a5855d9a31f.tar.gz | |
Merge branch 'PHP-7.1'
* PHP-7.1:
#74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c
| -rw-r--r-- | main/streams/memory.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/main/streams/memory.c b/main/streams/memory.c index 253d1d8340..d41b2f5cfa 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -489,9 +489,14 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret) return FAILURE; } + file = php_stream_fopen_tmpfile(); + if (file == NULL) { + php_error_docref(NULL, E_WARNING, "Unable to create temporary file."); + return FAILURE; + } + /* perform the conversion and then pass the request on to the innerstream */ membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize); - file = php_stream_fopen_tmpfile(); php_stream_write(file, membuf, memsize); pos = php_stream_tell(ts->innerstream); |