Opened 16 years ago
Closed 15 years ago
#2610 closed defect (fixed)
[PATCH - Shapelib] SHPCreateTree() segfaults on buggy shapefile
| Reported by: | Even Rouault | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | OGR_SF | Version: | unspecified |
| Severity: | normal | Keywords: | shape |
| Cc: | mchapman@… |
Description
In the file shptree.c on line 261 (psShape = SHPReadObject( hSHP, iShape );) in function SHPCreateTree() when the call to SHPReadObject() returns NULL the code crashes because the following line (262) tries to use the psShape pointer without checking if it is NULL. SHPReadObject() correctly captures the error but stills fails in SHPCreateTree(). I know the shape file is probably invalid but other shape drivers handle it correctly so it would be nice if you could stick an if (psShape == NULL) check in there so it doesn't just crash hard. If you need a file that does this please let me know and I will send it to you.
Reproduced with buggypoint.shp in autotest/ogr/data.
Attached a patch that fixes the issue
Attachments (1)
Change History (2)
by , 16 years ago
| Attachment: | shptree.c.patch added |
|---|
comment:1 by , 15 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Fixed in GDAL 1.6.0 in r15720