MFH: fix #36113 (Reading records of unsupported type causes segfault)

tony2001 · tony2001 · commit d0e1a4fdca3f · 2006-01-23T22:42:12.000Z
diff --git a/NEWS b/NEWS
@@ -11,6 +11,8 @@ PHP                                                                        NEWS
   on error. (Pierre)
 - Fixed bug #36134 (DirectoryIterator constructor failed to detect empty 
   directory names). (Ilia)
+- Fixed bug #36113 (Reading records of unsupported type causes segfault). 
+  (Tony)
 - Fixed bug #36096 (oci_result() returns garbage after oci_fetch() failed). 
   (Tony)
 - Fixed bug #36071 (Engine Crash related with 'clone'). (Dmitry)
diff --git a/ext/dbase/dbf_head.c b/ext/dbase/dbf_head.c
@@ -24,7 +24,7 @@ dbhead_t *get_dbf_head(int fd)
 	dbfield_t *dbf, *cur_f, *tdbf;
 	int ret, nfields, offset, gf_retval;
 
-	if ((dbh = (dbhead_t *)malloc(sizeof(dbhead_t))) == NULL)
+	if ((dbh = (dbhead_t *)calloc(1, sizeof(dbhead_t))) == NULL)
 		return NULL;
 	if (lseek(fd, 0, 0) < 0)
 		return NULL;
@@ -44,7 +44,7 @@ dbhead_t *get_dbf_head(int fd)
 
 	/* malloc enough memory for the maximum number of fields:
 	   32 * 1024 = 32K dBase5 (for Win) seems to allow that many */
-	tdbf = (dbfield_t *)malloc(sizeof(dbfield_t)*1024);
+	tdbf = (dbfield_t *)calloc(1, sizeof(dbfield_t)*1024);
 	
 	offset = 1;
 	nfields = 0;
@@ -157,7 +157,8 @@ int get_dbf_field(dbhead_t *dbh, dbfield_t *dbf)
 	}
 
 	if ((dbf->db_format = get_dbf_f_fmt(dbf)) == NULL) {
-		return 1;
+		/* something went wrong, most likely this fieldtype is not supported */
+		return -1;
 	}
 
 	return 0;
@@ -235,6 +236,8 @@ char *get_dbf_f_fmt(dbfield_t *dbf)
 	   case 'M':
 		strcpy(format, "%s");
 		break;
+	   default:
+		return NULL;
 	}
 	return (char *)strdup(format);
 }
@@ -256,7 +259,7 @@ dbhead_t *dbf_open(char *dp, int o_flags TSRMLS_DC)
 		}
 	}
 
-	if ((dbh = get_dbf_head(fd)) ==	 0) {
+	if ((dbh = get_dbf_head(fd)) ==	NULL) {
 		fprintf(stderr, "Unable to get header\n");
 		return NULL;
 	}

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ dbhead_t *get_dbf_head(int fd)`
`24`	`24`	`dbfield_t dbf, cur_f, *tdbf;`
`25`	`25`	`int ret, nfields, offset, gf_retval;`
`26`	`26`
`27`		`- if ((dbh = (dbhead_t *)malloc(sizeof(dbhead_t))) == NULL)`
	`27`	`+ if ((dbh = (dbhead_t *)calloc(1, sizeof(dbhead_t))) == NULL)`
`28`	`28`	`return NULL;`
`29`	`29`	`if (lseek(fd, 0, 0) < 0)`
`30`	`30`	`return NULL;`
`@@ -44,7 +44,7 @@ dbhead_t *get_dbf_head(int fd)`
`44`	`44`
`45`	`45`	`/* malloc enough memory for the maximum number of fields:`
`46`	`46`	`32 * 1024 = 32K dBase5 (for Win) seems to allow that many */`
`47`		`- tdbf = (dbfield_t )malloc(sizeof(dbfield_t)1024);`
	`47`	`+ tdbf = (dbfield_t )calloc(1, sizeof(dbfield_t)1024);`
`48`	`48`
`49`	`49`	`offset = 1;`
`50`	`50`	`nfields = 0;`
`@@ -157,7 +157,8 @@ int get_dbf_field(dbhead_t dbh, dbfield_t dbf)`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`if ((dbf->db_format = get_dbf_f_fmt(dbf)) == NULL) {`
`160`		`- return 1;`
	`160`	`+ /* something went wrong, most likely this fieldtype is not supported */`
	`161`	`+ return -1;`
`161`	`162`	`}`
`162`	`163`
`163`	`164`	`return 0;`
`@@ -235,6 +236,8 @@ char get_dbf_f_fmt(dbfield_t dbf)`
`235`	`236`	`case 'M':`
`236`	`237`	`strcpy(format, "%s");`
`237`	`238`	`break;`
	`239`	`+ default:`
	`240`	`+ return NULL;`
`238`	`241`	`}`
`239`	`242`	`return (char *)strdup(format);`
`240`	`243`	`}`
`@@ -256,7 +259,7 @@ dbhead_t dbf_open(char dp, int o_flags TSRMLS_DC)`
`256`	`259`	`}`
`257`	`260`	`}`
`258`	`261`
`259`		`- if ((dbh = get_dbf_head(fd)) == 0) {`
	`262`	`+ if ((dbh = get_dbf_head(fd)) == NULL) {`
`260`	`263`	`fprintf(stderr, "Unable to get header\n");`
`261`	`264`	`return NULL;`
`262`	`265`	`}`