[2021-10-29 12:17 UTC] cmb@php.net
-Summary: SIGSEGV reading dbase file
+Summary: SIGSEGV reading dbase file with few data
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: cmb
[2021-10-29 12:17 UTC] cmb@php.net
[2021-10-29 15:37 UTC] git@php.net
[2021-10-29 15:37 UTC] git@php.net
-Status: Verified
+Status: Closed
Last updated: Wed Oct 29 07:00:01 2025 UTC
Description:
------------
The dbf included in the testscript below causes a SIGSEGV (null pointer de-reference) in php_dbase_get_record. On cursory debugging it appears that EOF is encountered while reading the file which leaves db_format as NULL.

It's possible that the dbase is invalid, however it opens fine in various applications, for example dbview.

Test script:
---------------
<?php
// write temp. dbase file
$data = base64_decode('A3cBEAEAAACBAB0AAAAAAAAAAAAAAAAAAAAAAAAAAABTQ0hMQUdOUgAAAE4AAAAACgAAAAAAAAAAAAAAAAAAAFRFSUxTQ0hMQUcAQwAAAAACAAAAAAAAAAAAAAAAAAAARkxJSwAAAAAAAABDAAAAABAAAAAAAAAAAAAAAAAAAAANICAgICAgMTIzNDVhIERFTldMSTA1NDYxMzI3Nzca');
$tmpFile = tmpfile();
fwrite($tmpFile, $data);
fflush($tmpFile);
$path = stream_get_meta_data($tmpFile)['uri'];

$db = dbase_open($path, 0);
$n = dbase_numrecords($db);
for ($index=1; $index<=$n; $index++) {
    // crash here
    $record = dbase_get_record_with_names($db, $index);
    print_r($record);
}
dbase_close($db);

Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff561cb4c in php_dbase_get_record (return_value=0x7ffff5414ec0, assoc=1, execute_data=<optimized out>) at /tmp/pecl-database-dbase/dbase.c:456
456 if (*cur_f->db_format) {
(gdb) bt
#0 0x00007ffff561cb4c in php_dbase_get_record (return_value=0x7ffff5414ec0, assoc=1, execute_data=<optimized out>) at /tmp/pecl-database-dbase/dbase.c:456
#1 0x00007ffff563607d in xdebug_execute_internal (current_execute_data=0x7ffff5415020, return_value=0x7ffff5414ec0) at ./build-7.4/src/base/base.c:897
#2 0x0000555555883ebb in execute_ex ()
#3 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5414cd0) at ./build-7.4/src/base/base.c:779
#4 0x00005555557ee5df in zend_call_function ()
#5 0x0000555555731dff in ?? ()
#6 0x00007ffff563607d in xdebug_execute_internal (current_execute_data=0x7ffff5414c60, return_value=0x7ffff5414c50) at ./build-7.4/src/base/base.c:897
#7 0x0000555555883ebb in execute_ex ()
#8 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5414980) at ./build-7.4/src/base/base.c:779
#9 0x0000555555883e08 in execute_ex ()
#10 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff54148f0) at ./build-7.4/src/base/base.c:779
#11 0x0000555555883e08 in execute_ex ()
#12 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5414840) at ./build-7.4/src/base/base.c:779
#13 0x0000555555883e08 in execute_ex ()
#14 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5414770) at ./build-7.4/src/base/base.c:779
#15 0x0000555555883e08 in execute_ex ()
#16 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff54145c0) at ./build-7.4/src/base/base.c:779
#17 0x0000555555883e08 in execute_ex ()
#18 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff54141b0) at ./build-7.4/src/base/base.c:779
#19 0x0000555555883e08 in execute_ex ()
#20 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5413350) at ./build-7.4/src/base/base.c:779
#21 0x0000555555883c8e in execute_ex ()
#22 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff54131f0) at ./build-7.4/src/base/base.c:779
#23 0x0000555555883c8e in execute_ex ()
#24 0x00007ffff56357d2 in xdebug_execute_ex (execute_data=0x7ffff5413020) at ./build-7.4/src/base/base.c:779
#25 0x0000555555886cab in zend_execute ()
#26 0x00005555557fd1fc in zend_execute_scripts ()
#27 0x000055555579c930 in php_execute_script ()
#28 0x0000555555888dea in ?? ()
#29 0x0000555555661ec8 in ?? ()
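
Added example, not part of the report and not code from the dbase extension: a simplified C model of the failure class described above, where a field table is read from input that ends early and a later `*cur_f->db_format` test dereferences NULL. Only the names `cur_f` and `db_format` come from the gdb output; the struct layout, function names, format strings and sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define DESC_LEN 32     /* size of one dBASE III field descriptor */
#define MAX_FIELDS 8

/* Hypothetical stand-in for the extension's per-field struct. */
struct field {
    char name[12];
    char type;
    uint8_t len;
    const char *db_format;  /* NULL until a descriptor has been read in full */
};

/* Parse descriptors from buf. Returns the field count, or -1 when the input
 * ends before the 0x0D terminator, so callers never see a partial table. */
int load_fields(const uint8_t *buf, size_t n, struct field *f, int max)
{
    int count = 0;
    size_t off = 0;
    memset(f, 0, sizeof(*f) * (size_t)max);
    for (;;) {
        if (off >= n) return -1;                /* EOF before terminator */
        if (buf[off] == 0x0D) return count;     /* end of descriptor array */
        if (n - off < DESC_LEN || count == max) return -1;
        memcpy(f[count].name, buf + off, 11);   /* name[11] stays '\0' */
        f[count].type = (char)buf[off + 11];
        f[count].len = buf[off + 16];
        /* placeholder format strings, not the extension's own */
        f[count].db_format = (f[count].type == 'N') ? "%*s" : "%-*s";
        off += DESC_LEN;
        count++;
    }
}

/* Guarded form of the faulting test: check the pointer, then the byte. */
int field_is_usable(const struct field *cur_f)
{
    return cur_f != NULL && cur_f->db_format != NULL && *cur_f->db_format != '\0';
}

/* Constructed sample: one descriptor plus terminator, optionally cut short. */
int demo(int truncated)
{
    uint8_t buf[DESC_LEN + 1] = {0};
    struct field f[MAX_FIELDS];
    memcpy(buf, "FLIK", 4);
    buf[11] = 'C'; buf[16] = 16; buf[DESC_LEN] = 0x0D;
    return load_fields(buf, truncated ? (size_t)(DESC_LEN - 4) : sizeof buf, f, MAX_FIELDS);
}
```

Rejecting the short read at load time keeps the NULL pointer from ever reaching the record reader; the guard in `field_is_usable` is a second line of defence at the point of use.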