CVE-2016-5399: php: out-of-bounds write in bzread()

Posted by Hans Jerry Illikainen on Jul 25

PHP 7.0.8, 5.6.23 and 5.5.37 do not perform adequate error handling in
the `bzread()' function:

php-7.0.8/ext/bz2/bz2.c
,----
| 364 static PHP_FUNCTION(bzread)
| 365 {
| …
| 382 ZSTR_LEN(data) = php_stream_read(stream, ZSTR_VAL(data), ZSTR_LEN(data));
| 383 ZSTR_VAL(data)[ZSTR_LEN(data)] = '\0';
| 384
| 385 RETURN_NEW_STR(data);
| 386 }
`----
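
The pattern in the listing above, reduced to a stand-alone C program and shown beside a checked form. This is an added example, not code from PHP or from the original post, and not PHP's actual patch. mock_read(), unchecked_terminator_index() and checked_read() are hypothetical names, and the error value is constructed on the assumption that a read failure reaches the caller as a negative status converted to size_t.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the stream read. Assumption: a decoder error
 * reaches the caller as a negative status converted to size_t. */
static size_t mock_read(char *buf, size_t want, int fail)
{
    if (fail)
        return (size_t)-5;              /* constructed error status */
    memset(buf, 'A', want);
    return want;
}

/* Pattern from the listing: the return value is used as the length and as
 * the terminator index with no check. The index is returned rather than
 * written to, so the demonstration itself stays in bounds. */
static size_t unchecked_terminator_index(size_t cap, int fail)
{
    char *buf = malloc(cap + 1);
    if (buf == NULL)
        return 0;
    size_t len = mock_read(buf, cap, fail);
    free(buf);
    return len;                         /* buf[len] = '\0' would land here */
}

/* Checked form: buf holds cap + 1 bytes; any length above cap is treated
 * as an error and yields an empty string. */
static int checked_read(char *buf, size_t cap, int fail, size_t *out_len)
{
    size_t len = mock_read(buf, cap, fail);
    int bad = len > cap;                /* error status or overlong read */
    if (bad)
        len = 0;
    buf[len] = '\0';
    *out_len = len;
    return bad ? -1 : 0;
}

int main(void)
{
    char buf[17];
    size_t n;
    printf("unchecked index on error: %zu\n", unchecked_terminator_index(16, 1));
    printf("checked read on error: %d\n", checked_read(buf, sizeof buf - 1, 1, &n));
    return 0;
}
```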

php-7.0.8/ext/bz2/bz2.c
,----
| 210 php_stream_ops php_stream_bz2io_ops…