ID: 15624
Updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: dBase related
Operating System: linux
PHP Version: 4.0.6
New Comment:
I found the issue that creates the crash:
If a string is given to dbf_add_record that is longer than
the actual size as the last value in the array to write
then it crashes. Reason is that cp in
dbase.c:dbase_add_record overflows. It is allocated with
the correct size for the row but gets overflown. The call
to efree at the end of the function breaks. In debug mode,
a correct error message is created:
---------------------------------------
dbase.c(413) : Block 0x0825A560 status:
Beginning: OK (allocated on dbase.c:340, 472 bytes)
End: Overflown (magic=0x626D4720 instead of 0x2A8FCC84)
At least 4 bytes overflown
---------------------------------------
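The failure mode described in the comment above, handled defensively, as an added example that is not part of the original report and not PHP's dbase.c code: every value is checked against its declared field length before anything is written to the fixed-size record buffer. The function name `pack_record`, its parameters and its return codes are hypothetical, and values are left-justified and space-padded for simplicity.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper, not PHP's code: pack nfields string values into a
 * fixed-length dBase-style record of rec_size bytes.
 * Returns  0 on success,
 *         -1 if the declared field lengths do not fit in rec_size,
 *         -2 if any value is longer than its declared field length.
 * On error the buffer is left untouched.
 */
int pack_record(char *rec, size_t rec_size, const size_t *field_len,
                const char *const *vals, size_t nfields)
{
    size_t off = 1;                       /* byte 0 is the deletion flag */

    if (rec_size < 1)
        return -1;

    /* Pass 1: validate the layout and every value before writing. */
    for (size_t i = 0; i < nfields; i++) {
        if (field_len[i] > rec_size - off)
            return -1;                    /* layout exceeds the buffer */
        if (strlen(vals[i]) > field_len[i])
            return -2;                    /* oversized value: reject */
        off += field_len[i];
    }

    /* Pass 2: every copy is now known to stay inside rec. */
    rec[0] = ' ';                         /* record not deleted */
    off = 1;
    for (size_t i = 0; i < nfields; i++) {
        size_t n = strlen(vals[i]);
        memcpy(rec + off, vals[i], n);
        memset(rec + off + n, ' ', field_len[i] - n);
        off += field_len[i];
    }
    return 0;
}

int main(void)
{
    char rec[8];
    size_t lens[2] = {4, 3};              /* constructed sample layout */
    const char *vals[2] = {"ab", "-12345"};
    printf("result: %d\n", pack_record(rec, sizeof rec, lens, vals, 2));
    return 0;
}
```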
Previous Comments:
------------------------------------------------------------------------
[2002-02-19 10:39:49] [EMAIL PROTECTED]
The issue seems to be more complicated than what I
mentioned. I need to do further research as to why php
breaks. I'll add it to this bug as soon as I know.
------------------------------------------------------------------------
[2002-02-19 10:28:27] [EMAIL PROTECTED]
To properly diagnose this bug, we need a backtrace to see what is
happening behind the scenes. To find out how to generate a backtrace,
please read http://bugs.php.net/bugs-generating-backtrace.php
Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open".
------------------------------------------------------------------------
[2002-02-19 10:27:47] [EMAIL PROTECTED]
When a number field for dbase_add_record is defined with a
certain length and a longer number (in my case negative)
is given, php breaks with a segmentation fault.
------------------------------------------------------------------------