Opened 16 years ago

Closed 15 years ago

#2140 closed defect (fixed)

SWIG ReadRaster_internal and DSReadRaster_internal may crash

Reported by: Even Rouault Owned by: hobu
Priority: normal Milestone:
Component: SWIG (all bindings) Version: 1.5.0
Severity: normal Keywords:
Cc: tamas, Ari Jolma

Description

Currently, no check is done on the return value of malloc. Thus it can lead to crashes when passing a NULL pointer to GDALRasterIO and GDALDatasetRasterIO. Furthermore, overflow in multiplication can occur.

The attached patch tries to address both issues. It should be improved to declare "size_t* buf_size" instead of "int *buf_size", but apparently it's not as simple as that (I've no knownledge how swig works and maps type).

Attachments (1)

gdal_svn_trunk_swig_vsimalloc3.patch (2.6 KB ) - added by Even Rouault 16 years ago.

Download all attachments as: .zip

Change History (4)

by Even Rouault, 16 years ago

Attachment: gdal_svn_trunk_swig_vsimalloc3.patch added

comment:1 by hobu, 16 years ago

Cc: tamas Ari Jolma added

Even,

Please apply this to trunk.

comment:2 by Even Rouault, 16 years ago

Patch applied in r14016.

In addition, the swig generated files should be regenerated.

comment:3 by hobu, 15 years ago

Resolution: fixed
Status: newclosed

Closing as fixed, but #2658 is related to this as we should only be doing the allocation if we aren't using numpy. I will track the resolution of those issues in #2658

Note: See TracTickets for help on using tickets.