Fix #80366: Return Value of zend_fstat() not Checked

cmb69 · cmb69 · commit 5f9c82d51498 · 2020-11-24T13:09:16.000+01:00
In the somewhat unlikely case that `zend_fstat()` fails, we must not proceed executing the function, but return `false` instead. Patch based on the patch contributed by sagpant at microsoft dot com. Closes GH-6432.
diff --git a/NEWS b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fixed bug #80362 (Running dtrace scripts can cause php to crash).
     (al at coralnet dot name)
 
+- Standard:
+  . Fixed bug #80366 (Return Value of zend_fstat() not Checked). (sagpant, cmb)
+
 - Tidy:
   . Fixed bug #77594 (ob_tidyhandler is never reset). (cmb)
 
diff --git a/ext/standard/iptc.c b/ext/standard/iptc.c
@@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed)
 	}
 
 	if (spool < 2) {
-		zend_fstat(fileno(fp), &sb);
+		if (zend_fstat(fileno(fp), &sb) != 0) {
+			RETURN_FALSE;
+		}
 
 		spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0);
 		poi = (unsigned char*)ZSTR_VAL(spoolbuf);

Original file line number	Diff line number	Diff line change
`@@ -217,7 +217,9 @@ PHP_FUNCTION(iptcembed)`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`if (spool < 2) {`
`220`		`- zend_fstat(fileno(fp), &sb);`
	`220`	`+ if (zend_fstat(fileno(fp), &sb) != 0) {`
	`221`	`+ RETURN_FALSE;`
	`222`	`+ }`
`221`	`223`
`222`	`224`	`spoolbuf = zend_string_safe_alloc(1, iptcdata_len + sizeof(psheader) + 1024 + 1, sb.st_size, 0);`
`223`	`225`	`poi = (unsigned char*)ZSTR_VAL(spoolbuf);`