Opened 16 years ago
Closed 16 years ago
#2196 closed defect (fixed)
NetCDF driver segfaults when reading large attributes
Reported by: | mariocruz | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | 1.4.5 |
Component: | GDAL_Raster | Version: | 1.4.4 |
Severity: | normal | Keywords: | netcdf |
Cc: |
Description
The NetCDF driver's current implementation assumes that the length of an attribute's string representation never exceeds MAX_STR_LEN characters. This assumption, together with the liberal use of strcpy/strcat, causes a segfault when reading files whose attribute representation is larger than this fixed value.
The attached patch is a proposed (simple) fix for the problem which removes the length limit and allocates memory as needed by using a wrapper function around strcat.
Bug exists at least in versions 1.4.2, 1.4.4 and 1.5.0. Patched against the 1.5.0 source.
Attachments (2)
Change History (6)
by , 16 years ago
Attachment: | netcdf.patch added |
---|
comment:1 by , 16 years ago
Component: | default → GDAL_Raster |
---|---|
Milestone: | → 1.5.1 |
Resolution: | → fixed |
Status: | new → closed |
Mario,
I applied the patch and tested with valgrind and discovered we needed to add +1 in the size test to ensure we have room for the string terminating zero byte. The slightly adapted patch has been applied in trunk (r13698) and 1.5 (r13699). The patch doesn't apply cleanly in 1.4 branch so I'm going to skip addressing it there.
Thanks!
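The fix described in the ticket and comment:1, as an added illustration rather than the attached patch or GDAL's own code: a strcat wrapper that grows the destination buffer as needed, with the size test counting the terminating zero byte (the +1 noted above). The struct and function names are assumptions, and the attribute-building loop just constructs sample input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable string buffer (hypothetical type for this example, not GDAL's). */
typedef struct {
    char  *data;   /* NUL-terminated contents, or NULL before the first append */
    size_t len;    /* strlen(data) */
    size_t cap;    /* bytes allocated, including the byte reserved for the NUL */
} GrowBuf;

/* Append src to buf, reallocating when the fixed size would be exceeded.
 * need includes +1 for the terminating zero byte; testing only
 * len + strlen(src) against cap is the off-by-one caught by valgrind.
 * Returns 0 on success, -1 if allocation fails (buffer left unchanged). */
int growbuf_append(GrowBuf *buf, const char *src)
{
    size_t srclen = strlen(src);
    size_t need = buf->len + srclen + 1;   /* +1: room for the NUL */
    if (need > buf->cap) {
        size_t newcap = buf->cap ? buf->cap : 16;
        while (newcap < need)
            newcap *= 2;
        char *p = realloc(buf->data, newcap);
        if (p == NULL)
            return -1;
        buf->data = p;
        buf->cap = newcap;
    }
    memcpy(buf->data + buf->len, src, srclen + 1); /* copies the NUL as well */
    buf->len += srclen;
    return 0;
}

void growbuf_free(GrowBuf *buf)
{
    free(buf->data);
    buf->data = NULL;
    buf->len = buf->cap = 0;
}

/* Constructed input: stringify an attribute with n numeric values as
 * "0,1,2,...", far beyond any fixed MAX_STR_LEN. Returns the final length. */
size_t demo_attribute_length(size_t n)
{
    GrowBuf buf = {0};
    char item[32];
    for (size_t i = 0; i < n; i++) {
        snprintf(item, sizeof item, "%s%zu", i ? "," : "", i);
        if (growbuf_append(&buf, item) != 0) { growbuf_free(&buf); return 0; }
    }
    size_t len = buf.len;
    growbuf_free(&buf);
    return len;
}
```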
by , 16 years ago
Attachment: | netcdf.1.4.4.patch added |
---|
netcdfdataset.cpp and netcdfdataset.h patch (1.4 branch)
comment:2 by , 16 years ago
I'm actually still using the 1.4 branch in my project and therefore would have some interest in having it also changed, so I've attached a patch created against the 1.4.4 version of the source (+1 size corrected already, thanks for pointing out that bug).
Not reopening the ticket though, as the issue has been solved for non-legacy versions.
comment:3 by , 16 years ago
Milestone: | 1.5.1 → 1.4.5 |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
Version: | 1.5.0 → 1.4.4 |
comment:4 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
Patch applied in 1.4 branch (r13712).
netcdfdataset.cpp and netcdfdataset.h patch