Ticket #2140 (closed defect: fixed)

Opened 5 years ago

Last modified 4 years ago

SWIG ReadRaster_internal and DSReadRaster_internal may crash

Reported by: rouault Owned by: hobu
Priority: normal Milestone:
Component: SWIG (all bindings) Version: 1.5.0
Severity: normal Keywords:
Cc: tamas, ajolma

Description

Currently, no check is done on the return value of malloc. Thus it can lead to crashes when passing a NULL pointer to GDALRasterIO and GDALDatasetRasterIO. Furthermore, overflow in multiplication can occur.

The attached patch tries to address both issues. It should be improved to declare "size_t* buf_size" instead of "int *buf_size", but apparently it's not as simple as that (I've no knownledge how swig works and maps type).

Attachments

gdal_svn_trunk_swig_vsimalloc3.patch Download (2.6 KB) - added by rouault 5 years ago.

Change History

Changed 5 years ago by rouault

Changed 5 years ago by hobu

  • cc tamas, ajolma added

Even,

Please apply this to trunk.

Changed 5 years ago by rouault

Patch applied in r14016.

In addition, the swig generated files should be regenerated.

Changed 4 years ago by hobu

  • status changed from new to closed
  • resolution set to fixed

Closing as fixed, but #2658 is related to this as we should only be doing the allocation if we aren't using numpy. I will track the resolution of those issues in #2658

Note: See TracTickets for help on using tickets.