Ticket #2372 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn

Reported by: copycd Owned by: rouault
Priority: normal Milestone: 1.5.2
Component: GDAL_Raster Version: 1.5.1
Severity: normal Keywords: gtiff
Cc: warmerdam

Description

Please look at line 230 of the gt_wkt_srs.cpp file.

source code ------------

int nVersion;
if( hGTIF != NULL )
    GTIFDirectoryInfo( hGTIF, &nVersion, &nKeyCount );

--------------------------------

But the GTIFDirectoryInfo function parameter receives "int nVersion[]", and uses nVersion[0], nVersion[1], nVersion[3].

Why?

Change History

Changed 4 years ago by rouault

  • owner changed from warmerdam to rouault
  • status changed from new to assigned

Changed 4 years ago by rouault

  • status changed from assigned to closed
  • cc warmerdam added
  • component changed from default to GDAL_Raster
  • summary changed from I surmise bug in gdal library with version 1.5.1 to Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn
  • milestone set to 1.5.2
  • keywords gtiff added
  • resolution set to fixed

Thanks for the report! Yes, it was definitely a buffer overflow.

Fixed in trunk in r14471 and in branches/1.5 in r14472
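
Added example, not part of the ticket or of the GDAL/libgeotiff source: a self-contained C sketch of the mismatch reported above, where a callee declared with an "int version[]" parameter writes several ints but the caller supplies the address of a single int. `directory_info` and `struct fake_gtif` are hypothetical stand-ins for GTIFDirectoryInfo and the GTIF handle, assumed here to store three version values; the three-element array in `read_version` is an assumed shape for a corrected caller, not the content of r14471.

```c
#include <stddef.h>
#include <stdio.h>

#define CANARY 0x5AFEC0DE

/* Hypothetical stand-in for the GTIF handle (constructed for this example). */
struct fake_gtif { int version, rev_major, rev_minor, nkeys; };

/* Hypothetical stand-in for GTIFDirectoryInfo: "int version[]" is just
   "int *version" to the compiler, so nothing stops a caller passing &scalar. */
static void directory_info(const struct fake_gtif *g, int version[], int *keycount)
{
    if (version) {
        version[0] = g->version;
        version[1] = g->rev_major;
        version[2] = g->rev_minor;
    }
    if (keycount)
        *keycount = g->nkeys;
}

/* Measures the overflow without invoking it: slot[0] plays the role of the
   scalar "int nVersion"; slot[1..2] are canaries standing in for whatever
   would sit next to that scalar on the stack. */
int ints_written_past_first(const struct fake_gtif *g)
{
    int slot[3] = { 0, CANARY, CANARY };
    int nkeys = 0, clobbered = 0;
    directory_info(g, slot, &nkeys);
    for (size_t i = 1; i < 3; i++)
        if (slot[i] != CANARY)
            clobbered++;
    return clobbered;
}

/* Corrected caller: the storage passed in matches what the callee writes. */
int read_version(const struct fake_gtif *g, int *nkeys)
{
    int anVersion[3] = { 0, 0, 0 };
    if (g == NULL)
        return -1;
    directory_info(g, anVersion, nkeys);
    return anVersion[0];
}

int main(void)
{
    struct fake_gtif g = { 1, 1, 2, 7 };   /* constructed sample values */
    int nkeys = 0;
    printf("ints written past a scalar: %d\n", ints_written_past_first(&g));
    printf("version=%d keys=%d\n", read_version(&g, &nkeys), nkeys);
    return 0;
}
```

Building the original caller pattern with AddressSanitizer (`-fsanitize=address`) reports this class of bug as a stack-buffer-overflow at the callee's second store.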
