Home Original page

: Bug #36113 :: Reading records causes malloc(): memory corruption:

Bug #36113 Reading records causes malloc(): memory corruption:
Submitted: 2006-01-20 23:55 UTC Modified: 2006-01-23 23:42 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: kermodebear at kermodebear dot org Assigned: tony2001 (profile)
Status: Closed Package: dBase related
PHP Version: 5.1.2 OS: RedHat Linux
Private report: No CVE-ID: None

 [2006-01-20 23:55 UTC] kermodebear at kermodebear dot org

Description:
------------
Reading records from a specific dBase file causes the following error message:

*** glibc detected *** malloc(): memory corruption: 0x09efb7d0 ***
Aborted

However, if dbase_get_header_info() is called before the reading of records, then a different error occurs:

*** glibc detected *** free(): invalid next size (fast): 0x08c4b270 ***
Aborted

You can download the file causing the issue: www.kermodebear.org/php_bug_data/sample.DBF

I thought that the file may be corrupted, so I downloaded three different software packages ('DBF View', 'DBF Viewer 2000', 'DBF Manager') and each of them was able to view the data without a problem. I'm fairly certain that the file itself is not corrupt. Even if it is, PHP should not cause these kinds of errors; The dbase_get_record function should return false on error.

PHP version is 5.1.2;
./configure --enable-dbase

Reproduce code:
---------------
<?php
$h = dbase_open( 'sample.DBF', 0 );
// Uncomment the line below for a different error.
// dbase_get_header_info( $h );
for( $i = 1; $i <= dbase_numrecords( $h ); $i++ ) {
    dbase_get_record( $h, $i );
}
?>


Expected result:
----------------
No output at all; The file should be opened, all records should be read, and the script should end.

Actual result:
--------------
[jmiller@DEVEL cli]$ ./php test.php
*** glibc detected *** malloc(): memory corruption: 0x09efb7d0 ***
Aborted

With dbase_get_header_info() called before fetching records:

[jmiller@DEVEL cli]$ ./php test.php
*** glibc detected *** free(): invalid next size (fast): 0x091f60b8 ***
Aborted

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2006-01-21 01:03 UTC] tony2001@php.net

Please try this patch:
http://tony2001.phpclub.net/dev/tmp/bug36113.diff

The field type you're using (TIMESTAMP) is not supported by the library PHP uses to work with DBF files, so you should get a nice error message in this case.
I don't use DBase, so please test this patch with supported fields, just to make sure it doesn't break anything. Thanks.

 [2006-01-21 01:47 UTC] kermodebear at kermodebear dot org

I attempted to read the problem file; using dbase_open caused the warning 'Unable to get header' to be printed to the screen and the function returned false.

I then attempted to read in several files that had worked before the patch; They all worked without a problem.

Overall, the patch did what it was intended to do and didn't break anything. Time for me to go request support for TIMESTAMP or try to add it myself.

Thank you for responding to the bug so quickly; I may not be able to read the files but this is much better than memory corruption. (o:

 [2006-01-23 23:42 UTC] tony2001@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.