Bug #15624 dbase_add_record segmentation fault when number too long
Submitted: 2002-02-19 10:27 UTC Modified: 2002-02-21 06:31 UTC
From: Jochen dot Riehm at teilauto dot net Assigned:
Status: Closed Package: dBase related
PHP Version: 4.0.6 OS: linux
Private report: No CVE-ID: None
 [2002-02-19 10:27 UTC] Jochen dot Riehm at teilauto dot net
When a number field for dbase_add_record is defined with a 
certain length and a longer number (in my case negative) 
is given, php breaks with a segmentation fault.

 [2002-02-19 10:28 UTC] derick@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-02-19 10:39 UTC] Jochen dot Riehm at teilauto dot net
The issue seems to be more complicated than what I 
mentioned. I need to do further research as to why php 
breaks. I'll add it to this bug as soon as I know.
 [2002-02-19 11:41 UTC] Jochen dot Riehm at teilauto dot net
I found the issue that creates the crash:

If a string is given to dbf_add_record that is longer than 
the actual size as the last value in the array to write 
then it crashes. Reason is that cp in 
dbase.c:dbase_add_record overflows. It is allocated with 
the correct size for the row but gets overflown. The call 
to efree at the end of the function breaks. In debug mode, 
a correct error message is created:

---------------------------------------
dbase.c(413) : Block 0x0825A560 status:
Beginning:      OK (allocated on dbase.c:340, 472 bytes)
      End:      Overflown (magic=0x626D4720 instead of 0x2A8FCC84)
                At least 4 bytes overflown
---------------------------------------


 [2002-02-21 06:31 UTC] Jochen dot Riehm at teilauto dot net
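This code 

<?php
// Create a table with a single character ("C") field, 5 bytes wide.
$db_link = dbase_create("tmp.dbf", array(array("char", "C", 5, 0)));

// Add a record whose value (7 characters) is longer than the field.
dbase_add_record($db_link, array("1234567"));
?>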

broke my php installation. Since it does not break another 
similar installation it is probably a problem with my 
installation so I close the bug.
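
Added example (not part of the bug report and not PHP's dbase.c): a simplified C model of the row-packing overflow described in the 11:41 comment, next to a bounded version, using a guard word after the row the way the debug allocator output above does. The names field_t, record_len, pack_record and GUARD_SLACK are hypothetical, and the row layout (one deletion-flag byte followed by fixed-width fields) is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_MAGIC 0x2A8FCC84u /* end-of-block marker value quoted in the report */
#define GUARD_SLACK 16          /* demo only: spare room so the overrun stays in our block */

typedef struct { size_t len; } field_t; /* hypothetical descriptor: declared width only */

/* Row size in this model: 1 deletion-flag byte plus the declared field widths. */
size_t record_len(const field_t *f, size_t n) {
    size_t total = 1;
    for (size_t i = 0; i < n; i++) total += f[i].len;
    return total;
}

/* Pack vals into a row. bounded=0 copies strlen(value) bytes (the pattern the report
 * describes); bounded=1 truncates to the field width and space-pads (rejecting the
 * record is the other option). Returns 1 if the guard is intact, 0 if not, -1 on OOM. */
int pack_record(const field_t *f, const char **vals, size_t n, int bounded) {
    size_t rlen = record_len(f, n), cap = rlen + GUARD_SLACK;
    unsigned char *block = calloc(1, cap);
    if (!block) return -1;
    uint32_t magic = GUARD_MAGIC, seen;
    memcpy(block + rlen, &magic, sizeof magic);   /* guard word right after the row */
    size_t off = 0;
    block[off++] = ' ';                           /* deletion flag: record is live */
    for (size_t i = 0; i < n; i++) {
        size_t vlen = strlen(vals[i]);
        if (bounded) {
            if (vlen > f[i].len) vlen = f[i].len; /* never more than the field width */
            memset(block + off, ' ', f[i].len);   /* pad the whole field first */
        } else if (vlen > cap - off) {
            vlen = cap - off;                     /* demo safety clamp, not a fix */
        }
        memcpy(block + off, vals[i], vlen);
        off += f[i].len;
    }
    memcpy(&seen, block + rlen, sizeof seen);
    free(block);
    return seen == GUARD_MAGIC;
}

int main(void) {
    field_t fields[] = { { 5 } };        /* the "C", 5 field from the report */
    const char *vals[] = { "1234567" };  /* the 7-character value from the report */
    printf("unbounded: guard %s\n", pack_record(fields, vals, 1, 0) ? "intact" : "overwritten");
    printf("bounded:   guard %s\n", pack_record(fields, vals, 1, 1) ? "intact" : "overwritten");
    return 0;
}
```

In this model an over-long value in an earlier field only spills into the next field of the same row, so the guard is hit only when the last value is too long, which is consistent with the reporter's observation.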
 
Last updated: Wed Mar 12 23:01:31 2025 UTC