id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 2807,[PATCH] Fix parameter validation and memory allocation in INGR driver,rouault,ilucena,"Ivan, I'm attaching a patch that adds some validation of values read from INGR files that have influence on memory allocations, and prevent from a few crashes in presence of corrupted/hostile files. Most changes are purely mechanical : use VSIMalloc/Calloc instead of CPLMalloc/Calloc as the first one is non fatal, and check the returned pointer against NULL. However, I'd like that you confirm that my changes, in particularly the one related to missing tile blocks in IntergraphRasterBand::LoadBlockBuf() and its calling functions is correct. I'm not sure that this code path is tested by one of the tests in autotest/gdrivers/ingr.py The current code which is : {{{ // -------------------------------------------------------------------- // Read from tiles or read from strip // -------------------------------------------------------------------- if( bTiled ) { nBlockId = nBlockXOff + nBlockYOff * nBlocksPerRow; if( pahTiles[nBlockId].Start == 0 ) { // ------------------------------------------------------------ // Uninstantieted tile, unique value // ------------------------------------------------------------ memset( pabyBlock, pahTiles[nBlockId].Used, nBlockBufSize ); return nBlockBufSize; } }}} seems wrong in the memset. pahTiles[nBlockId].Used seems to be a number of bytes, and not an init value. And there's no guarantee that the pabyBlock buffer is at least nBlockBufSize. I could manage to trigger a Valgrind error on a RLE dataset, because in that case pabyBlock == pabyRLEBlock, which is nRLESize, and possibly I think < nBlockBufSize. My change is to move and change that test to the calling functions where they do : {{{ if( bTiled && pahTiles[nBlockXOff + nBlockYOff * nBlocksPerRow].Start == 0 ) { memset( pImage, 0, nBlockBufSize ); return CE_None; } }}} ",defect,closed,normal,1.7.0,GDAL_Raster,unspecified,normal,fixed,ingr,