]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e246ca1)
MFH: - limit writing of field data to field len + 1
authorfoobar <sniper@php.net>
Tue, 4 Nov 2003 06:09:19 +0000 (06:09 +0000)
committerfoobar <sniper@php.net>
Tue, 4 Nov 2003 06:09:19 +0000 (06:09 +0000)
       This fixed many memory overrun errors which appeared
       in several scripts when writing a record.

by: Uwe Steinmann <steinm@php.net>

ext/dbase/dbase.c patch | blob | history

diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c
index d60ace0f1fb51ea59c389c508bf4ac9818b3aecc..b5192ef4d2e05b74008cbc95ec1fb1d86b436a07 100644 (file)
--- a/ext/dbase/dbase.c
+++ b/ext/dbase/dbase.c
@@ -298,7 +298,7 @@ PHP_FUNCTION(dbase_add_record)
                tmp = **field;
                zval_copy_ctor(&tmp);
                convert_to_string(&tmp);
-               sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp));
+               snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp));
                zval_dtor(&tmp); 
                t_cp += cur_f->db_flen;
        }
@@ -310,7 +310,7 @@ PHP_FUNCTION(dbase_add_record)
                RETURN_FALSE;
        }
 
-        put_dbf_info(dbh);
+       put_dbf_info(dbh);
        efree(cp);
 
        RETURN_TRUE;
@@ -369,7 +369,7 @@ PHP_FUNCTION(dbase_replace_record)
                        RETURN_FALSE;
                }
                convert_to_string_ex(field);
-               sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field)); 
+               snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL_PP(field)); 
                t_cp += cur_f->db_flen;
        }
 
Unnamed repository; edit this file 'description' to name the repository.