- limit writing of field data to field len + 1

This fixed many memory overrun errors which appeared in several scripts when writing a record.
author: Uwe Steinmann <steinm@php.net> 2003-10-14 07:49:34 +0000
committer: Uwe Steinmann <steinm@php.net> 2003-10-14 07:49:34 +0000
commit: 84d156ae158be370c8087d3a480077c768258477 (patch)
tree: a60028cc3a0676a7e328e9b539e3cbed4802da94 /ext/dbase
parent: 3c84c0eefcf751a3661d65f60238d83fbada9a8a (diff)
download: php-git-84d156ae158be370c8087d3a480077c768258477.tar.gz
1 files changed, 3 insertions, 3 deletions
diff --git a/ext/dbase/dbase.c b/ext/dbase/dbase.c
index 43a8dfd89e..7bcc7f7026 100644
--- a/ext/dbase/dbase.c
+++ b/ext/dbase/dbase.c
@@ -294,7 +294,7 @@ PHP_FUNCTION(dbase_add_record)
 		tmp = **field;
 		zval_copy_ctor(&tmp);
 		convert_to_string(&tmp);
-		sprintf(t_cp, cur_f->db_format, Z_STRVAL(tmp));
+		snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL(tmp));
 		zval_dtor(&tmp); 
 		t_cp += cur_f->db_flen;
 	}
@@ -306,7 +306,7 @@ PHP_FUNCTION(dbase_add_record)
 		RETURN_FALSE;
 	}
 
-        put_dbf_info(dbh);
+	put_dbf_info(dbh);
 	efree(cp);
 
 	RETURN_TRUE;
@@ -361,7 +361,7 @@ PHP_FUNCTION(dbase_replace_record)
 			RETURN_FALSE;
 		}
 		convert_to_string_ex(field);
-		sprintf(t_cp, cur_f->db_format, Z_STRVAL_PP(field)); 
+		snprintf(t_cp, cur_f->db_flen+1, cur_f->db_format, Z_STRVAL_PP(field)); 
 		t_cp += cur_f->db_flen;
 	}
author	Uwe Steinmann <steinm@php.net>	2003-10-14 07:49:34 +0000
committer	Uwe Steinmann <steinm@php.net>	2003-10-14 07:49:34 +0000
commit	84d156ae158be370c8087d3a480077c768258477 (patch)
tree	a60028cc3a0676a7e328e9b539e3cbed4802da94 /ext/dbase
parent	3c84c0eefcf751a3661d65f60238d83fbada9a8a (diff)
download	php-git-84d156ae158be370c8087d3a480077c768258477.tar.gz