Opened 10 years ago
Closed 10 years ago
#5345 closed defect (fixed)
NTF RpfTocDataset crashes on certain data
| Reported by: | chengtsai | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | high | Milestone: | 1.10.2 |
| Component: | GDAL_Raster | Version: | 1.10.0 |
| Severity: | normal | Keywords: | rpf toc ntf |
| Cc: | brian.deyoung@…; cheng-yen.tsai@… |
Description
I found a bug in frmts\nitf\rpftocdataset.cpp, near line 825. It looks like just a typo "i" should have been "iC".
Symptom is when using a.toc's that do not have a frame at the start (top left?) (index 0) of the bounding box, this code may index into the color table improperly, returning a null pointer, leading to a memory crash.
Existing line 825 starts with:
const GDALColorEntry* entry = poCT->GetColorEntry(i);
| entry->c2 != 0 | entry->c3 != 0 ){ |
...
}
Proposed change to:
const GDALColorEntry* entry = poCT->GetColorEntry(iC); if( entry != NULL ){
if( entry->c1 != 0 entry->c2 != 0 entry->c3 != 0 ){ ...
}
}
Change History (1)
comment:1 by , 10 years ago
| Component: | default → GDAL_Raster |
|---|---|
| Milestone: | 1.11.0 → 1.10.2 |
| Resolution: | → fixed |
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Good catch. Thanks
trunk r26796, branches/1.10 r26797 "RPFTOC: fix potential crash on some datasets when selecting the color palette (#5345, by chengtsai)"