Opened 11 years ago
Closed 11 years ago
#5258 closed defect (fixed)
HFA Driver: Few places caused access violation due to null strings
| Reported by: | jefflacoste | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.10.2 |
| Component: | GDAL_Raster | Version: | 1.10.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by )
In 'hfaopen.cpp': Following lines use 'poPro->proName', 'poPro->proSpheroid.sphereName' and 'poPro->proExeName' and if any of them happen to be null, this cause an access violation and a crash.
1450 nSize = 34 + 15 * 8 1451 + 8 + strlen(poPro->proName) + 1 1452 + 32 + 8 + strlen(poPro->proSpheroid.sphereName) + 1; 1453 1454 if( poPro->proExeName != NULL ) 1455 nSize += strlen(poPro->proExeName) + 1; 1456 Also: 1600 nSize = 26 + strlen(poDatum->datumname) + 1 + 7*8; I run into this while converting some .bt (binary terrain) to Erdas Imagine format. 1450 nSize = 34 + 15 * 8 1451 + 8 + strlen(poPro->proName) + 1 1452 + 32 + 8 + strlen(poPro->proSpheroid.sphereName) + 1; 1453 1454 if( poPro->proExeName != NULL ) 1455 nSize += strlen(poPro->proExeName) + 1; 1456
A simple fix would be to initialize the length to 0 and update it the string in question is not not null with the real length.
Also in 'hfaentry.cpp':
We are setting the string and if it happens to be null, SetFieldValue would cause a crash:
901 CPLErr HFAEntry::SetStringField( const char * pszFieldPath,
902 const char * pszValue )
903
904 {
905 return SetFieldValue( pszFieldPath, 's', (void *) pszValue );
906 }
Thanks
Change History (2)
comment:1 by , 11 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 11 years ago
| Component: | default → GDAL_Raster |
|---|---|
| Milestone: | → 1.10.2 |
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Can you submit your proposed corrections as a patch ? It would also be good if you could provide a way (data + command line) to reproduce the issue.