[2002-02-19 10:27 UTC] Jochen dot Riehm at teilauto dot net
When a number field for dbase_add_record is defined with a certain length and a longer number (in my case negative) is given, PHP breaks with a segmentation fault.
I found the issue that creates the crash: If a string is given to dbf_add_record that is longer than the actual size as the last value in the array to write, then it crashes. The reason is that cp in dbase.c:dbase_add_record overflows. It is allocated with the correct size for the row but gets overflown. The call to efree at the end of the function breaks. In debug mode, a correct error message is created:

---------------------------------------
dbase.c(413) : Block 0x0825A560 status:
Beginning: OK (allocated on dbase.c:340, 472 bytes)
End: Overflown (magic=0x626D4720 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------

This code

<?php
// One character field named "char", declared width 5
$db_link = dbase_create("tmp.dbf", array(array("char", "C", 5, 0)));
// The value is 7 characters long, wider than the field
dbase_add_record($db_link, array("1234567"));
?>

broke my PHP installation. Since it does not break another similar installation, it is probably a problem with my installation, so I close the bug.
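The length check that the overflow described above calls for, as an added example (it is not PHP's dbase.c and not code from this report). The names `struct field`, `record_size` and `pack_record` are hypothetical; the layout assumed is the dBase fixed-width record: one deletion-flag byte, then each field space-padded to its declared width, numeric fields right-justified.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical field descriptor: type code and declared width. */
struct field { char type; size_t len; };

/* Row size: 1 deletion-flag byte plus the sum of declared field widths. */
size_t record_size(const struct field *f, size_t n) {
    size_t total = 1;
    for (size_t i = 0; i < n; i++) total += f[i].len;
    return total;
}

/* Pack values into one fixed-width row. Returns a malloc'd buffer of
 * record_size() bytes, or NULL if a value is wider than its field. */
char *pack_record(const struct field *f, const char *const *vals, size_t n) {
    size_t size = record_size(f, n);
    char *rec = malloc(size);
    if (!rec) return NULL;
    memset(rec, ' ', size);            /* flag ' ' = live row, fields padded */
    char *cp = rec + 1;
    for (size_t i = 0; i < n; i++) {
        size_t vlen = strlen(vals[i]);
        if (vlen > f[i].len) {         /* reject before any byte is written */
            free(rec);
            return NULL;
        }
        /* 'N' fields are right-justified, everything else left-justified. */
        size_t pad = (f[i].type == 'N') ? f[i].len - vlen : 0;
        memcpy(cp + pad, vals[i], vlen);
        cp += f[i].len;                /* advance by field width, not vlen */
    }
    return rec;
}

int main(void) {
    /* Constructed input mirroring the report: width-5 field, 7-char value. */
    struct field f[] = { { 'C', 5 } };
    const char *vals[] = { "1234567" };
    char *rec = pack_record(f, vals, 1);
    printf("%s\n", rec ? "packed" : "rejected: value wider than field");
    free(rec);
    return 0;
}
```

Copying `strlen(value)` bytes without the width check is what lets the last field run past the end of a row buffer that was sized correctly from the field definitions.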