- limit writing of field data to field len + 1
authorUwe Steinmann <steinm@php.net>
Tue, 14 Oct 2003 07:49:34 +0000 (07:49 +0000)
committerUwe Steinmann <steinm@php.net>
Tue, 14 Oct 2003 07:49:34 +0000 (07:49 +0000)
  This fixed many memory overrun errors which appeared
in several scripts when writing a record.

ext/dbase/dbase.c

index 43a8dfd89eb7a27d7e811366f154900eebd28781..7bcc7f70263d7a24d2b6449599425f0c115c37c4 100644 (file)
@@ -294,7 +294,7 @@ PHP_FUNCTION(dbase_add_record)
                tmp = **field;
                zval_copy_ctor(&tmp);
                convert_to_string(&tmp);
-               sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp));
+               snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp));
                zval_dtor(&tmp); 
                t_cp += cur_f->db_flen;
        }
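Review bot: The bound `cur_f->db_flen+1` lets snprintf() put its terminating NUL one byte past the field, so for the last field that byte falls just after the record data; this is safe only if the buffer behind `t_cp` has a spare byte, and its allocation is outside this hunk, so that should be confirmed. Truncation is also silent: a value longer than the field is cut without notice, which for a numeric field can store a different number. A length check before the call would surface that, e.g. `if (Z_STRLEN(tmp) > cur_f->db_flen) php_error(E_WARNING, "value too long for field, truncated");`, together with the comment `/* +1 for the NUL; the next field overwrites it */`. The same applies to the snprintf() call in dbase_replace_record (third hunk); the loop around these lines starts outside the hunk.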
@@ -306,7 +306,7 @@ PHP_FUNCTION(dbase_add_record)
                RETURN_FALSE;
        }
 
-        put_dbf_info(dbh);
+       put_dbf_info(dbh);
        efree(cp);
 
        RETURN_TRUE;
@@ -361,7 +361,7 @@ PHP_FUNCTION(dbase_replace_record)
                        RETURN_FALSE;
                }
                convert_to_string_ex(field);
-               sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field)); 
+               snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL_PP(field)); 
                t_cp += cur_f->db_flen;
        }