Opened 18 years ago

Last modified 18 years ago

#1310 closed defect (fixed)

[OGR] Memory Corruption in ogrfeaturestyle.cpp

Reported by: rlcave3rd@…
Owned by: warmerdam
Priority: highest
Milestone:
Component: OGR_SF
Version: unspecified
Severity: normal
Keywords:
Cc:

Description

This bug is from GDAL version 1.3.2.

Line 757 of ogrfeaturestyle.cpp contains the following statement:

char szCurrent[25];

szCurrent is used to build an OGR style string, which quickly becomes longer than 25 characters and causes memory corruption.  I modified my source to make the buffer 256 characters and that seems to have fixed the problem for me.

Change History (1)

comment:1 by warmerdam, 18 years ago

Change applied.

I would like to have made a more comprehensive fix using CPLString for
dynamic sizing, but I can't seem to easily trigger this particular code
segment. And I don't want to do fancy changes without a test case.
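
Added example, not part of the ticket or of GDAL's source: it contrasts a fixed-capacity buffer like the one the report describes with the dynamically sized string the comment mentions, and shows that a bounded write can detect an oversized value at either 25 or 256 bytes. The helper names, the sample font name and the LABEL style are constructed for illustration, and std::string stands in for CPLString.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<std::pair<std::string, std::string> > Params;

// Constructed sample value: a quoted font name, 29 characters long.
static const std::string kFontName = "\"Times New Roman Bold Italic\"";

// Hypothetical helper, not GDAL code: format "key:value" into a buffer of
// `cap` bytes. snprintf never writes past `cap` and returns the length the
// full text needs, so truncation is detected instead of corrupting memory.
bool fits_in(std::size_t cap, const std::string &key, const std::string &value) {
    std::vector<char> buf(cap);
    int needed = std::snprintf(buf.data(), cap, "%s:%s", key.c_str(), value.c_str());
    return needed >= 0 && static_cast<std::size_t>(needed) < cap;
}

// Dynamically sized variant: the string grows with its input, so there is
// no capacity to guess. std::string stands in for CPLString here.
std::string build_style(const std::string &tool, const Params &params) {
    std::string out = tool + "(";
    for (std::size_t i = 0; i < params.size(); ++i) {
        if (i > 0) out += ",";
        out += params[i].first + ":" + params[i].second;
    }
    return out + ")";
}

// Constructed sample: a label style with a font and a size.
std::string sample_style() {
    Params p;
    p.push_back(std::make_pair(std::string("f"), kFontName));
    p.push_back(std::make_pair(std::string("s"), std::string("12pt")));
    return build_style("LABEL", p);
}

int main() {
    std::printf("25 bytes hold f:<font>:   %d\n", fits_in(25, "f", kFontName));
    std::printf("256 bytes hold f:<font>:  %d\n", fits_in(256, "f", kFontName));
    std::printf("256 bytes hold 300 chars: %d\n", fits_in(256, "t", std::string(300, 'x')));
    std::printf("%s\n", sample_style().c_str());
    return 0;
}
```

A larger fixed buffer only moves the limit: the 300-character value still does not fit in 256 bytes, while the dynamically sized build has no such bound.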