Opened 10 years ago
Closed 10 years ago
#5409 closed defect (fixed)
sar_ceos unsigned int wrap error
| Reported by: | Kurt Schwehr | Owned by: | Kurt Schwehr |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | svn-trunk |
| Severity: | normal | Keywords: | tautological-compare |
| Cc: | antonio |
Description
max_bytes in source:trunk/gdal/frmts/ceos2/sar_ceosdataset.cpp is an unsigned integer. Underflow will wrap to a large number, but the code tests for max_bytes < 0, which is never true. I'll apply this to trunk in a couple days if I get no objections.
Index: frmts/ceos2/sar_ceosdataset.cpp
===================================================================
--- frmts/ceos2/sar_ceosdataset.cpp (revision 27011)
+++ frmts/ceos2/sar_ceosdataset.cpp (working copy)
@@ -2160,8 +2160,9 @@
max_records--;
if(max_bytes > 0)
{
- max_bytes -= record->Length;
- if(max_bytes < 0)
+ if(record->Length < max_bytes)
+ max_bytes -= record->Length;
+ else
max_bytes = 0;
}
}
@@ -2196,4 +2197,3 @@
GetGDALDriverManager()->RegisterDriver( poDriver );
}
}
Change History (4)
comment:1 by , 10 years ago
| Cc: | added |
|---|
comment:2 by , 10 years ago
I'm just wondering in the case where "if(record->Length < max_bytes)" is false, will max_bytes = 0 work or is it an error situation ? In which case a CPLError or CPLDebug message might be appropriate also.
comment:3 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
Was wondering the same thing. I do think that if record->Length > max_bytes, that it is an error and I will at least add a CPLDebug message.
Note:
See TracTickets
for help on using tickets.
+1 for me