Opened 16 years ago

Closed 16 years ago

#2196 closed defect (fixed)

NetCDF driver segfaults when reading large attributes

Reported by: mariocruz Owned by: warmerdam
Priority: normal Milestone: 1.4.5
Component: GDAL_Raster Version: 1.4.4
Severity: normal Keywords: netcdf
Cc:

Description

The NetCDF driver's current implementation assumes that the length of an attribute's string representation never exceeds MAX_STR_LEN characters. This assumption, together with the liberal use of strcpy/strcat, causes a segfault when reading files whose attribute representation is larger than this fixed value.

The attached patch is a proposed (simple) fix for the problem which removes the length limit and allocates memory as needed by using a wrapper function around strcat.

Bug exists at least in versions 1.4.2, 1.4.4 and 1.5.0. Patched against the 1.5.0 source.

Attachments (2)

netcdf.patch (5.8 KB) - added by mariocruz 16 years ago.
netcdfdataset.cpp and netcdfdataset.h patch
netcdf.1.4.4.patch (5.8 KB) - added by mariocruz 16 years ago.
netcdfdataset.cpp and netcdfdataset.h patch (1.4 branch)


Change History (6)

by mariocruz, 16 years ago

Attachment: netcdf.patch added

netcdfdataset.cpp and netcdfdataset.h patch

comment:1 by warmerdam, 16 years ago

Component: default → GDAL_Raster
Milestone: 1.5.1
Resolution: fixed
Status: new → closed

Mario,

I applied the patch and tested with valgrind and discovered we needed to add +1 in the size test to ensure we have room for the string terminating zero byte. The slightly adapted patch has been applied in trunk (r13698) and 1.5 (r13699). The patch doesn't apply cleanly in 1.4 branch so I'm going to skip addressing it there.

Thanks!
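The pattern the fix replaces is strcat into a fixed MAX_STR_LEN array; the shape of the replacement is an append wrapper that reallocates as it goes, with the +1 for the terminating zero byte that the valgrind run caught. The following is an added example in that spirit, not the attached patch or GDAL's code; GrowBuf, gb_append and join_attr_values are illustrative names, and the input values are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Growable string buffer (illustrative, not GDAL's type). data is NUL-terminated
 * once initialised; len excludes the terminator; cap is the allocation size. */
typedef struct { char *data; size_t len, cap; } GrowBuf;

/* Append src, reallocating as needed; 0 on success, -1 if out of memory.
 * The +1 reserves room for the terminating zero byte: without it the check
 * passes when len + add == cap and memcpy writes one byte past the end. */
static int gb_append(GrowBuf *gb, const char *src)
{
    size_t add = strlen(src);
    if (gb->len + add + 1 > gb->cap) {
        size_t ncap = 2 * gb->cap + add + 1;  /* doubling: amortised O(1) appends */
        char *p = realloc(gb->data, ncap);
        if (p == NULL) return -1;
        gb->data = p; gb->cap = ncap;
    }
    memcpy(gb->data + gb->len, src, add + 1);  /* copies the NUL too */
    gb->len += add;
    return 0;
}

/* Render n attribute values as "v0,v1,...", however long. Caller frees; NULL on OOM. */
char *join_attr_values(const char *const *vals, size_t n)
{
    GrowBuf gb = { NULL, 0, 0 };
    if (gb_append(&gb, "") != 0) return NULL;  /* allocate and terminate "" */
    for (size_t i = 0; i < n; i++) {
        if ((i > 0 && gb_append(&gb, ",") != 0) || gb_append(&gb, vals[i]) != 0) {
            free(gb.data);
            return NULL;
        }
    }
    return gb.data;
}

/* Constructed input: n copies of "123.456" (7 chars) joined by commas; returns the
 * joined length, so 1000 values give 7999 bytes, far past any fixed MAX_STR_LEN. */
size_t demo_long_attribute(size_t n)
{
    const char **vals = malloc((n + 1) * sizeof *vals);
    if (vals == NULL) return (size_t)-1;
    for (size_t i = 0; i < n; i++) vals[i] = "123.456";
    char *s = join_attr_values(vals, n);
    size_t out = s ? strlen(s) : (size_t)-1;
    free(s); free(vals);
    return out;
}
```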

by mariocruz, 16 years ago

Attachment: netcdf.1.4.4.patch added

netcdfdataset.cpp and netcdfdataset.h patch (1.4 branch)

comment:2 by mariocruz, 16 years ago

I'm actually still using the 1.4 branch in my project and therefore would have some interest in having it also changed, so I've attached a patch created against the 1.4.4 version of the source (+1 size corrected already, thanks for pointing out that bug).

Not reopening the ticket though, as the issue has been solved for non-legacy versions.

comment:3 by warmerdam, 16 years ago

Milestone: 1.5.1 → 1.4.5
Resolution: fixed
Status: closed → reopened
Version: 1.5.0 → 1.4.4

comment:4 by warmerdam, 16 years ago

Resolution: fixed
Status: reopened → closed

Patch applied in 1.4 branch (r13712).
