PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Fundamentals of PHP Superglobals
Apache on WIN32
MySQL Query Browser
Using XML, a PHP Developer's Primer: XML-RPC, PHP and Javascript, Part 2
Easy Calendar Applications

[PHP-DEV] Re: [PHP-CVS] cvs: php4 /main main.c From: Andi Gutmans (andi <email protected>)
Date: 09/08/00

Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #6616 Updated: ext/java: reassigning values for variables causes segfault"
Previous message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #6629 Updated: Cutting off HTTP_POST_VARS with CONTENT_LENGTH>20k"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Best is to create and always use php_snprintf() and php_vsnprintf(). It
sucks to stick this checking code in every single place in PHP.

Andi

At 12:32 PM 9/8/00 +0000, Stanislav Malyshev wrote:
>stas Fri Sep 8 05:32:29 2000 EDT
>
> Modified files:
> /php4/main main.c
> Log:
> Fix crash on very long error messages
> Manual for snprintf says:
> If the output was truncated, the return value is -1, oth-
> erwise it is the number of characters stored, not includ-
> ing the terminating null.
> And that's a blatant lie - in reality, libc 2.1 always returns number of
> characters that _would be_ stored. I hate those libc bugs. Now we should go
> and check every place we trusted snprintf return value.
>
>
>Index: php4/main/main.c
>diff -u php4/main/main.c:1.314 php4/main/main.c:1.315
>--- php4/main/main.c:1.314 Fri Sep 8 05:07:21 2000
>+++ php4/main/main.c Fri Sep 8 05:32:29 2000
>@@ -19,7 +19,7 @@
> */
>
>
>-/* $Id: main.c,v 1.314 2000/09/08 12:07:21 stas Exp $ */
>+/* $Id: main.c,v 1.315 2000/09/08 12:32:29 stas Exp $ */
>
>
> #include <stdio.h>
>@@ -334,6 +334,9 @@
>
> buffer_len = vsnprintf(buffer, sizeof(buffer)-1, format, args);
> buffer[sizeof(buffer)-1]=0;
>+ if(buffer_len > sizeof(buffer) - 1 || buffer_len < 0) {
>+ buffer_len = sizeof(buffer) - 1;
>+ }
>
> /* display/log the error if necessary */
> if ((EG(error_reporting) & type || (type & E_CORE))
>
>
>
>--
>PHP CVS Mailing List (http://www.php.net/)
>To unsubscribe, e-mail: php-cvs-unsubscribe <email protected>
>For additional commands, e-mail: php-cvs-help <email protected>
>To contact the list administrators, e-mail: php-list-admin <email protected>

---
Andi Gutmans <andi <email protected>>
http://www.zend.com/
-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #6616 Updated: ext/java: reassigning values for variables causes segfault"
Previous message: Bug Database: "[PHP-DEV] PHP 4.0 Bug #6629 Updated: Cutting off HTTP_POST_VARS with CONTENT_LENGTH>20k"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]