From 8ff4b6730732a00cc4be65d9c5d94a034c72252d Mon Sep 17 00:00:00 2001 From: Rasmus Lerdorf Date: Tue, 1 Apr 2003 19:10:35 +0000 Subject: [PATCH] Argh!!! I guess nobody has ever looked at this code. --- TODO_SEGFAULTS | 2 +- ext/dbase/dbf_head.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/TODO_SEGFAULTS b/TODO_SEGFAULTS index 97f5aa608c..6c3832a71b 100644 --- a/TODO_SEGFAULTS +++ b/TODO_SEGFAULTS @@ -7,13 +7,13 @@ Fixed: i18n_convert/mb_convert_encoding (Moriyoshi Koizumi) socket_iovec_alloc (Rasmus) exif_imagetype,exif_thumbnail (Rasmus) + dbase_open (Rasmus) Open: array_pad bcsub (1) - dbase_open mb_ereg (2) mb_ereg_match (2) mb_eregi (2) diff --git a/ext/dbase/dbf_head.c b/ext/dbase/dbf_head.c index afaa0d724d..9ec1f40d6c 100644 --- a/ext/dbase/dbf_head.c +++ b/ext/dbase/dbf_head.c @@ -247,9 +247,10 @@ dbhead_t *dbf_open(char *dp, int o_flags TSRMLS_DC) cp = dp; if ((fd = VCWD_OPEN(cp, o_flags|O_BINARY)) < 0) { - cp = (char *)malloc(256); - strcpy(cp, dp); strcat(cp, ".dbf"); + cp = (char *)malloc(MAXPATHLEN); /* So where does this get free()'d? -RL */ + strncpy(cp, dp, MAXPATHLEN-5); strcat(cp, ".dbf"); if ((fd = VCWD_OPEN(cp, o_flags)) < 0) { + free(cp); perror("open"); return NULL; } -- 2.40.0