From: foobar <sniper@php.net>
Date: Tue, 4 Nov 2003 06:09:19 +0000 (+0000)
Subject: MFH: - limit writing of field data to field len + 1
X-Git-Tag: php-4.3.5RC1~243
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bd5b1ff74fd5d0b634335a009f3ebe2b75299f0a;p=php

MFH: - limit writing of field data to field len + 1
       This fixed many memory overrun errors which appeared
       in several scripts when writing a record.

by: Uwe Steinmann <steinm@php.net>
---

diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c
index d60ace0f1f..b5192ef4d2 100644
--- a/ext/dbase/dbase.c
+++ b/ext/dbase/dbase.c
@@ -298,7 +298,7 @@ PHP_FUNCTION(dbase_add_record)
 		tmp = **field;
 		zval_copy_ctor(&tmp);
 		convert_to_string(&tmp);
-		sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp));
+		snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp));
 		zval_dtor(&tmp); 
 		t_cp += cur_f->db_flen;
 	}
@@ -310,7 +310,7 @@ PHP_FUNCTION(dbase_add_record)
 		RETURN_FALSE;
 	}
 
-        put_dbf_info(dbh);
+	put_dbf_info(dbh);
 	efree(cp);
 
 	RETURN_TRUE;
@@ -369,7 +369,7 @@ PHP_FUNCTION(dbase_replace_record)
 			RETURN_FALSE;
 		}
 		convert_to_string_ex(field);
-		sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field)); 
+		snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL_PP(field)); 
 		t_cp += cur_f->db_flen;
 	}