From 793a8bd886bc0cb7754b0d824406b538b4069fc3 Mon Sep 17 00:00:00 2001 From: Anton Serbulov Date: Fri, 14 Apr 2017 15:26:13 +0700 Subject: #74337 pointer returned by php_stream_fopen_tmpfile not validated in memory.c --- main/streams/memory.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'main') diff --git a/main/streams/memory.c b/main/streams/memory.c index 6e3d1dd0c1..f4fd6a8f02 100644 --- a/main/streams/memory.c +++ b/main/streams/memory.c @@ -501,9 +501,14 @@ static int php_stream_temp_cast(php_stream *stream, int castas, void **ret) return FAILURE; } + file = php_stream_fopen_tmpfile(); + if (file == NULL) { + php_error_docref(NULL, E_WARNING, "Unable to create temporary file."); + return FAILURE; + } + /* perform the conversion and then pass the request on to the innerstream */ membuf = php_stream_memory_get_buffer(ts->innerstream, &memsize); - file = php_stream_fopen_tmpfile(); php_stream_write(file, membuf, memsize); pos = php_stream_tell(ts->innerstream); -- cgit v1.2.1