Ticket #2372 (closed defect: fixed)

Opened 3 months ago

Last modified 3 months ago

Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn

Reported by: copycd Assigned to: rouault
Priority: normal Milestone: 1.5.2
Component: GDAL_Raster Version: 1.5.1
Severity: normal Keywords: gtiff
Cc: warmerdam

Description

Please, look at line 230 of gt_wkt_srs.cpp file.

source code ------------

int nVersion; if( hGTIF != NULL )

GTIFDirectoryInfo( hGTIF, &nVersion, &nKeyCount );

--------------------------------

but, GTIFDirectoryInfo function parameter receive "int nVersion[]". and, use nVersion[0], nVersion[1], nVersion[3].

Why?

Change History

05/15/08 14:21:06 changed by rouault

  • status changed from new to assigned.
  • owner changed from warmerdam to rouault.

05/15/08 14:29:51 changed by rouault

  • status changed from assigned to closed.
  • cc set to warmerdam.
  • component changed from default to GDAL_Raster.
  • summary changed from I surmise bug in gdal library with version 1.5.1 to Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn.
  • milestone set to 1.5.2.
  • keywords set to gtiff.
  • resolution set to fixed.

Thanks for the reporting ! Yes, it was definitely a buffer overflow.

Fixed in trunk in r14471 and in branches/1.5 in r14472