Ticket #2366 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

NITFDataset::InitializeTextMetadata doesn't allocate space for the NULL-terminated character

Reported by: rouault Owned by: rouault
Priority: normal Milestone: 1.5.2
Component: GDAL_Raster Version: 1.5.0
Severity: normal Keywords: nitf TEXT
Cc: warmerdam

Description

nitf_21 test fails on Windows buildbots. This is due to the fact that when reading the TEXT data, the buffer doesn't allocate one extra byte for the NULL-terminating character.

See Valgrind trace below:

==8758== Invalid read of size 1
==8758==    at 0x474DE0A: CSLAddNameValue (cpl_string.cpp:1231)
==8758==    by 0x474E2C4: CSLSetNameValue (cpl_string.cpp:1319)
==8758==    by 0x46FAB87: GDALMultiDomainMetadata::SetMetadataItem(char const*, char const*, char const*) (gdalmultidomainmetadata.cpp:171)
==8758==    by 0x44FD70F: NITFDataset::InitializeTextMetadata() (nitfdataset.cpp:2191)
==8758==    by 0x44FEA29: NITFDataset::GetMetadata(char const*) (nitfdataset.cpp:2284)
==8758==    by 0x46F940C: GDALGetMetadata (gdalmajorobject.cpp:177)
==8758==    by 0x804B409: main (gdalinfo.c:259)
==8758==  Address 0x6F9DC59 is 0 bytes after a block of size 1 alloc'd
==8758==    at 0x4021AA4: calloc (vg_replace_malloc.c:279)
==8758==    by 0x475E483: VSICalloc (cpl_vsisimple.cpp:290)
==8758==    by 0x472DE44: CPLCalloc (cpl_conv.cpp:80)
==8758==    by 0x44FD4D8: NITFDataset::InitializeTextMetadata() (nitfdataset.cpp:2177)
==8758==    by 0x44FEA29: NITFDataset::GetMetadata(char const*) (nitfdataset.cpp:2284)
==8758==    by 0x46F940C: GDALGetMetadata (gdalmajorobject.cpp:177)
==8758==    by 0x804B409: main (gdalinfo.c:259)
==8758==
==8758== Invalid read of size 1
==8758==    at 0x4023513: strlen (mc_replace_strmem.c:246)
==8758==    by 0x5E4FDDF: vfprintf (in /lib/tls/i686/cmov/libc-2.6.1.so)
==8758==    by 0x5E6A33B: vsprintf (in /lib/tls/i686/cmov/libc-2.6.1.so)
==8758==    by 0x5E559BD: sprintf (in /lib/tls/i686/cmov/libc-2.6.1.so)
==8758==    by 0x474DE84: CSLAddNameValue (cpl_string.cpp:1232)
==8758==    by 0x474E2C4: CSLSetNameValue (cpl_string.cpp:1319)
==8758==    by 0x46FAB87: GDALMultiDomainMetadata::SetMetadataItem(char const*, char const*, char const*) (gdalmultidomainmetadata.cpp:171)
==8758==    by 0x44FD70F: NITFDataset::InitializeTextMetadata() (nitfdataset.cpp:2191)
==8758==    by 0x44FEA29: NITFDataset::GetMetadata(char const*) (nitfdataset.cpp:2284)
==8758==    by 0x46F940C: GDALGetMetadata (gdalmajorobject.cpp:177)
==8758==    by 0x804B409: main (gdalinfo.c:259)
==8758==  Address 0x6F9DC59 is 0 bytes after a block of size 1 alloc'd
==8758==    at 0x4021AA4: calloc (vg_replace_malloc.c:279)
==8758==    by 0x475E483: VSICalloc (cpl_vsisimple.cpp:290)
==8758==    by 0x472DE44: CPLCalloc (cpl_conv.cpp:80)
==8758==    by 0x44FD4D8: NITFDataset::InitializeTextMetadata() (nitfdataset.cpp:2177)
==8758==    by 0x44FEA29: NITFDataset::GetMetadata(char const*) (nitfdataset.cpp:2284)
==8758==    by 0x46F940C: GDALGetMetadata (gdalmajorobject.cpp:177)
==8758==    by 0x804B409: main (gdalinfo.c:259)
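The off-by-one the ticket describes, as an added example in C that is not GDAL's code: a NITF TEXT body is a fixed-length run of bytes with no terminator, so copying it into a buffer of exactly that length and then handing the buffer to sprintf("%s") or strlen makes the string function read one byte past the allocation, which is what the Valgrind trace reports. The function names (read_text_unterminated, read_text_terminated, buffer_has_terminator) and the sample segment bytes are constructed for illustration; memchr is used to check for a terminator inside the allocation without triggering the over-read that strlen would.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample TEXT segment body: fixed-length, no NUL terminator.
 * In a real NITF file the length comes from the text segment header. */
static const unsigned char kTextSegment[] = { 'H','E','L','L','O',' ','N','I','T','F' };
#define kTextLength (sizeof kTextSegment)

/* Returns 1 if a NUL byte lies within the first nAlloc bytes of pData, i.e.
 * if strlen()/"%s" would stop inside the allocation. memchr is bounded, so
 * this check never over-reads even when the answer is "no". */
int buffer_has_terminator(const char *pData, size_t nAlloc) {
    return memchr(pData, '\0', nAlloc) != NULL;
}

/* The pattern the ticket describes: exactly nLength bytes are allocated and
 * every one of them is overwritten by the copy, so no terminator survives.
 * Passing the result to a string function reads past the block. */
char *read_text_unterminated(const unsigned char *pSrc, size_t nLength) {
    char *pBuf = calloc(nLength, 1);
    if (pBuf == NULL) return NULL;
    memcpy(pBuf, pSrc, nLength);
    return pBuf;
}

/* Corrected pattern: one extra byte for the NUL, set explicitly rather than
 * relying on calloc's zero fill, with the nLength + 1 wrap guarded. */
char *read_text_terminated(const unsigned char *pSrc, size_t nLength) {
    if (nLength == SIZE_MAX) return NULL;
    char *pBuf = calloc(nLength + 1, 1);
    if (pBuf == NULL) return NULL;
    memcpy(pBuf, pSrc, nLength);
    pBuf[nLength] = '\0';
    return pBuf;
}

/* Runs both variants on the constructed segment. Returns 1 when the
 * unterminated buffer has no NUL inside its allocation while the terminated
 * one is a proper C string of exactly nLength characters. */
int demo_terminator_check(void) {
    char *pBad = read_text_unterminated(kTextSegment, kTextLength);
    char *pGood = read_text_terminated(kTextSegment, kTextLength);
    int ok = pBad != NULL && pGood != NULL
             && !buffer_has_terminator(pBad, kTextLength)
             && buffer_has_terminator(pGood, kTextLength + 1)
             && strlen(pGood) == kTextLength
             && memcmp(pGood, kTextSegment, kTextLength) == 0;
    free(pBad);
    free(pGood);
    return ok;
}

int main(void) {
    char *pGood = read_text_terminated(kTextSegment, kTextLength);
    if (pGood == NULL) return 1;
    /* Safe: the buffer is terminated, so "%s" stops at index kTextLength. */
    printf("TEXT segment as C string: \"%s\" (%zu bytes)\n", pGood, strlen(pGood));
    free(pGood);
    return demo_terminator_check() ? 0 : 1;
}
```

The same bounded check is a cheap regression test for any reader that turns a fixed-width file field into a C string: after the copy, memchr over the allocation must find a NUL, or the next sprintf("%s") is an out-of-bounds read that Valgrind or ASan will flag exactly as above.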

Change History

Changed 5 years ago by rouault

  • cc warmerdam added
  • owner changed from warmerdam to rouault
  • status changed from new to assigned

Changed 5 years ago by rouault

  • status changed from assigned to closed
  • resolution set to fixed

Fixed in trunk in r14454 and in branches/1.5 in r14455
