From: Uwe Steinmann Date: Tue, 14 Oct 2003 07:49:34 +0000 (+0000) Subject: - limit writing of field data to field len + 1 X-Git-Tag: RELEASE_1_3b3~62 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=84d156ae158be370c8087d3a480077c768258477;p=php - limit writing of field data to field len + 1 This fixed many memory overrun errors which appeared in several scripts when writing a record. --- diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c index 43a8dfd89e..7bcc7f7026 100644 --- a/ext/dbase/dbase.c +++ b/ext/dbase/dbase.c @@ -294,7 +294,7 @@ PHP_FUNCTION(dbase_add_record) tmp = **field; zval_copy_ctor(&tmp); convert_to_string(&tmp); - sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp)); + snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp)); zval_dtor(&tmp); t_cp += cur_f->db_flen; } @@ -306,7 +306,7 @@ PHP_FUNCTION(dbase_add_record) RETURN_FALSE; } - put_dbf_info(dbh); + put_dbf_info(dbh); efree(cp); RETURN_TRUE; @@ -361,7 +361,7 @@ PHP_FUNCTION(dbase_replace_record) RETURN_FALSE; } convert_to_string_ex(field); - sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field)); + snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL_PP(field)); t_cp += cur_f->db_flen; }