Ticket #2190 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

PNMDataset False Positive

Reported by: rsoconnor Owned by: warmerdam
Priority: normal Milestone: 1.4.5
Component: GDAL_Raster Version: 1.4.0
Severity: normal Keywords: pnm
Cc:

Description

GDAL tried to open up an ENVI file as a PNMDataset incorrectly and subsequently crashed in the GDALOpen function. It crashed in the "isspace" function because an assertion failed in pnmdataset.cpp

Admittedly this is a rare occurance and only happened once after opening up thousands of ENVI files.

The PNMDataset::Identify function may need to be more strict in its verification of files types.

My short term solution was just to deregister the PNM driver.

Attachments

test.dat Download (4.0 KB) - added by rsoconnor 4 years ago.
test.dat.hdr Download (472 bytes) - added by rsoconnor 4 years ago.

Change History

follow-up: ↓ 3   Changed 4 years ago by rouault

Could you possibly attach your ENVI file, or just the few first bytes ?

  Changed 4 years ago by rouault

I've looked at the code and fixed a potential buffer overflow in case of bad PNM file, in r13655 in trunk and in r13656 in branches/1.5.

Hum, I'm just realizing it does not help for the PNMDataset::Identify function

Changed 4 years ago by rsoconnor

Changed 4 years ago by rsoconnor

in reply to: ↑ 1   Changed 4 years ago by rsoconnor

Replying to rouault:

Could you possibly attach your ENVI file, or just the few first bytes ?

Attached is the first 4k of the image file and the original ENVI header file.

  Changed 4 years ago by rouault

  • keywords pnm added
  • status changed from new to closed
  • version changed from unspecified to 1.4.0
  • resolution set to fixed
  • milestone set to 1.4.5

I've fixed inverted logical tests in PNM identify that also help fixing this bug. Commited in trunk in r13663, in branches/1.5 in r13664, and the two fixes in branches/1.4 in r13665

Note: See TracTickets for help on using tickets.