[PATCH - shapelib] Fix crashes on corrupted geometries

[rouault]

The attached patch adds checks to SHPReadObject so that hostile/corrupted geometries in a shape entity don't cause shapelib to read memory outside of the declared entity size and pabyRec buffer.

I've attached too a zip file containing a few volontary corrupted shapefiles to demonstrate the crashes (or Valgrind errors) and the fix.

[rouault]

Patch updated that also checks for two big number of points or parts that would cause arithmetic computation overflow, and another test that checks that the panPartStart array is correct (checks of the indices wrt the number of points and that they appear in increasing orders).

ZIP also updated to add another shape that demonstrates the checks on panPartStart.

[warmerdam]

I'll try to incorporate this for 1.5.1.

[warmerdam]

Patch applied in Shapelib.

Patch downstreamed and applied in trunk (r14000) and 1.5 branch (r14001).

I would appreciate it if some sort of test case(s) could be added to the gdalautotest. Leaving open for that (in trunk only would be fine).

[rouault]

I will take care of adding test cases in gdalautotest. There will be based on the shapefiles in the buggyshape.zip archive

[rouault]

ogr_shape_21 test added in r14015