Opened 21 years ago

Last modified 21 years ago

#361 closed defect (fixed)

crash reading shape file #2

Reported by: simon@… Owned by: warmerdam
Priority: highest Milestone:
Component: OGR_SF Version: unspecified
Severity: critical Keywords:
Cc:

Description

We traced a crash when reading a shape file to the OGRLinearRing constructor in
the ogr directory

- the crash was to do with memcpy with a null pointer; we put in a null
check to fix the problem and a few more for good measure.  Here is the fix.

/************************************************************************/
/*                           OGRLinearRing()                            */
/************************************************************************/

OGRLinearRing::OGRLinearRing( OGRLinearRing * poSrcRing )
{
  // SPR NULL checks and checks to ensure points in memcopies not zero
  if (poSrcRing != NULL)
  {
    setNumPoints( poSrcRing->getNumPoints() );

    if (paoPoints != NULL && poSrcRing->paoPoints != NULL)
      memcpy( paoPoints, poSrcRing->paoPoints,
              sizeof(OGRRawPoint) * getNumPoints() );

    if ( padfZ != NULL && poSrcRing->padfZ != NULL )
    {
      Make3D();
      memcpy( padfZ, poSrcRing->padfZ, sizeof(double) * getNumPoints() );
    }
  }
}

Change History (1)

comment:1 by warmerdam, 21 years ago

I added the poSrcRing check (along with a debug message if it is NULL). 

I didn't add the paoPoints and poSrcRing->paoPoints tests.  Internal
invariants should assure these are safe ... note that if allocations
fail within OGR classes it normally results in application termination. 

The last test on padfZ is in error, and will prevent a new OGRLinearRing from
getting the Z coordinates from an existing 3D linear ring.  The padfZ doesn't
necessarily become non-NULL till after the Make3D() call.  I didn't include
this part. 
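
Added illustration, not part of the ticket and not OGR code: a minimal C++ stand-in for the constructor discussed above. It keeps the null check on the source pointer and decides whether to copy Z from the source's Z array, because the destination's array is still null until make3D() runs. The class `Ring`, its members and the two helper functions are hypothetical names.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>

struct RawPoint { double x, y; };
// Hypothetical stand-in for the ring class in the ticket; not OGR code.
class Ring {
    std::size_t n_ = 0; RawPoint *pts_ = nullptr;
    double *z_ = nullptr;            // stays null until make3D() is called
public:
    Ring() = default;
    Ring(const Ring &) = delete; Ring &operator=(const Ring &) = delete;
    ~Ring() { std::free(pts_); std::free(z_); }
    explicit Ring(const Ring *src) {
        if (src == nullptr) return;  // null source: leave an empty ring
        setNumPoints(src->n_);
        if (n_ > 0) std::memcpy(pts_, src->pts_, sizeof(RawPoint) * n_);
        // Decide on Z from the SOURCE; our own z_ is still null here.
        if (src->z_ != nullptr) {
            make3D();
            std::memcpy(z_, src->z_, sizeof(double) * n_);
        }
    }
    void setNumPoints(std::size_t n) {
        std::free(pts_); std::free(z_); pts_ = nullptr; z_ = nullptr; n_ = n;
        if (n == 0) return;
        pts_ = static_cast<RawPoint *>(std::calloc(n, sizeof(RawPoint)));
        if (pts_ == nullptr) std::abort();   // allocation failure terminates
    }
    void make3D() {
        if (z_ != nullptr || n_ == 0) return;
        z_ = static_cast<double *>(std::calloc(n_, sizeof(double)));
        if (z_ == nullptr) std::abort();
    }
    void setZ(std::size_t i, double z) { make3D(); z_[i] = z; }
    bool is3D() const { return z_ != nullptr; }
    double getZ(std::size_t i) const { return z_ ? z_[i] : 0.0; }
    std::size_t numPoints() const { return n_; }
};

// Constructed samples: copy a 3-point 3D ring, then copy from a null pointer.
double copiedZ() {
    Ring a; a.setNumPoints(3); a.setZ(2, 7.5);
    Ring b(&a);
    return b.is3D() ? b.getZ(2) : -1.0;   // -1.0 would mean Z was dropped
}
std::size_t pointsAfterNullCopy() {
    return Ring(static_cast<const Ring *>(nullptr)).numPoints();
}
```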

