Opened 21 years ago

Last modified 21 years ago

#360 closed defect (fixed)

crash

Reported by: simon@… Owned by: warmerdam
Priority: highest Milestone:
Component: OGR_SF Version: unspecified
Severity: critical Keywords:
Cc:

Description

We traced an OGR lib crash reading a shape file to the following function in
frmts/shapelib/dbfopen.c

pszValue was assigned a null after a call to DBFReadStringAttribute and it was
then dereferenced. A simple null pointer check with return fixed it.

int SHPAPI_CALL
DBFIsAttributeNULL( DBFHandle psDBF, int iRecord, int iField )

{
    const char	*pszValue;

    pszValue = DBFReadStringAttribute( psDBF, iRecord, iField );

    // ** null check here **
    if (pszValue == NULL)
      return 1;

    switch(psDBF->pachFieldType[iField])
    {
      case 'N':
      case 'F':
        /* NULL numeric fields have value "****************" */
        return pszValue[0] == '*';

      case 'D':
        /* NULL date fields have value "00000000" */
        return strncmp(pszValue,"00000000",8) == 0;

      case 'L':
        /* NULL boolean fields have value "?" */ 
        return pszValue[0] == '?';

      default:
        /* empty string fields are considered NULL */
        return strlen(pszValue) == 0;
    }
}

Change History (2)

comment:1 by warmerdam, 21 years ago

I'm not sure when pszValue should be NULL with valid inputs, but this check
is definitely a good idea.

Patch applied. 

comment:2 by warmerdam, 21 years ago

*** Bug 362 has been marked as a duplicate of this bug. ***