Bug #15624 dbase_add_record segmentation fault when number too long
Submitted: 2002-02-19 10:27 UTC Modified: 2002-02-21 06:31 UTC
From: Jochen dot Riehm at teilauto dot net Assigned:
Status: Closed Package: dBase related
PHP Version: 4.0.6 OS: linux
Private report: No CVE-ID: None
 [2002-02-19 10:27 UTC] Jochen dot Riehm at teilauto dot net
When a number field for dbase_add_record is defined with a 
certain length and a longer number (in my case negative) 
is given, php breaks with a segmentation fault.

 [2002-02-19 10:28 UTC] derick@php.net
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
 [2002-02-19 10:39 UTC] Jochen dot Riehm at teilauto dot net
The issue seems to be more complicated than what I 
mentioned. I need to do further research as to why php 
breaks. I'll add it to this bug as soon as I know.
 [2002-02-19 11:41 UTC] Jochen dot Riehm at teilauto dot net
I found the issue that creates the crash:

If a string is given to dbf_add_record that is longer than 
the actual size as the last value in the array to write, 
then it crashes. Reason is that cp in 
dbase.c:dbase_add_record overflows. It is allocated with 
the correct size for the row but gets overflown. The call 
to efree at the end of the function breaks. In debug mode, 
a correct error message is created:

---------------------------------------
dbase.c(413) : Block 0x0825A560 status:
Beginning:      OK (allocated on dbase.c:340, 472 bytes)
      End:      Overflown (magic=0x626D4720 instead of 0x2A8FCC84)
                At least 4 bytes overflown
---------------------------------------


 [2002-02-21 06:31 UTC] Jochen dot Riehm at teilauto dot net
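This code 

<?php
// Create a table with a single character field of length 5.
$db_link = dbase_create("tmp.dbf", array(array("char", "C", 5, 0)));

// Add a record whose value (7 characters) is longer than the field.
dbase_add_record($db_link, array("1234567"));
?>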

broke my PHP installation. Since it does not break another 
similar installation, it is probably a problem with my 
installation, so I close the bug.
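
The overflow diagnosed in this thread (a row buffer sized from the field widths, then filled from caller-supplied values) comes down to a missing length check before each field copy. The following is an added example, not code from PHP's dbase.c or from the reporter: `struct field`, `record_size`, `pack_field` and `build_record` are hypothetical names, and the values in `main` are the field width 5 and the string "1234567" from the reproduction above.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of a fixed-width field; not the structures in dbase.c. */
struct field { char type; size_t len; };   /* 'C' = character, 'N' = numeric */

/* Row size: one deletion-flag byte plus the sum of the field widths. */
size_t record_size(const struct field *f, size_t n)
{
    size_t total = 1;
    for (size_t i = 0; i < n; i++) total += f[i].len;
    return total;
}

/* Write exactly f->len bytes at dst: space padded, numbers right-justified.
 * The caller has already checked that val fits in the field. */
static void pack_field(char *dst, const struct field *f, const char *val)
{
    size_t n = strlen(val);
    memset(dst, ' ', f->len);
    memcpy(f->type == 'N' ? dst + (f->len - n) : dst, val, n);
}

/* Build one row. Returns 0 on success, -1 if the buffer is too small or any
 * value is longer than its field; on -1 the row buffer is left untouched. */
int build_record(char *row, size_t row_size, const struct field *f, size_t n,
                 const char *const *vals)
{
    if (row_size < record_size(f, n)) return -1;
    for (size_t i = 0; i < n; i++)        /* validate every value first */
        if (strlen(vals[i]) > f[i].len)
            return -1;
    char *cp = row;
    *cp++ = ' ';                          /* ' ' = record not deleted */
    for (size_t i = 0; i < n; i++) {
        pack_field(cp, &f[i], vals[i]);
        cp += f[i].len;
    }
    return 0;
}

int main(void)
{
    struct field f[] = { { 'C', 5 } };          /* width from the report */
    const char *const vals[] = { "1234567" };   /* 7 bytes: must be rejected */
    char row[6];
    return build_record(row, sizeof row, f, 1, vals) == -1 ? 0 : 1;
}
```

Rejecting the record is one policy; truncating to the field width is the other common choice, and either one keeps the write inside the allocated row.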
 
Last updated: Thu Apr 25 23:01:29 2024 UTC