sniper Tue Nov 4 01:09:21 2003 EDT
Modified files: (Branch: PHP_4_3)
/php-src/ext/dbase dbase.c
Log:
MFH: - limit writing of field data to field len + 1
This fixed many memory overrun errors which appeared
in several scripts when writing a record.
by: Uwe Steinmann <[EMAIL PROTECTED]>
Index: php-src/ext/dbase/dbase.c
diff -u php-src/ext/dbase/dbase.c:1.60.2.2 php-src/ext/dbase/dbase.c:1.60.2.3
--- php-src/ext/dbase/dbase.c:1.60.2.2 Sun Sep 21 11:40:28 2003
+++ php-src/ext/dbase/dbase.c Tue Nov 4 01:09:19 2003
@@ -16,7 +16,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: dbase.c,v 1.60.2.2 2003/09/21 15:40:28 sniper Exp $ */
+/* $Id: dbase.c,v 1.60.2.3 2003/11/04 06:09:19 sniper Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -298,7 +298,7 @@
tmp = **field;
zval_copy_ctor(&tmp);
convert_to_string(&tmp);
- sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp));
+ snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp));
zval_dtor(&tmp);
t_cp += cur_f->db_flen;
}
@@ -310,7 +310,7 @@
RETURN_FALSE;
}
- put_dbf_info(dbh);
+ put_dbf_info(dbh);
efree(cp);
RETURN_TRUE;
@@ -369,7 +369,7 @@
RETURN_FALSE;
}
convert_to_string_ex(field);
- sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field));
+ snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format,
Z_STRVAL_PP(field));
t_cp += cur_f->db_flen;
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
