Opened 10 years ago
Closed 10 years ago
#5464 closed defect (fixed)
Write-after-end-of-buffer in openfilegdb table
Reported by: | Even Rouault | Owned by: | Even Rouault |
---|---|---|---|
Priority: | normal | Milestone: | 1.11.1 |
Component: | OGR_SF | Version: | 1.11.0 |
Severity: | normal | Keywords: | openfilegdb |
Cc: |
Description
There are situations where a few bytes can be written after the end of a buffer. For example with the attached dataset.
```
$ valgrind ogrinfo /vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable -al
==23995== Memcheck, a memory error detector
==23995== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==23995== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==23995== Command: ogrinfo /vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable -al
==23995==
Had to open data source read-only.
INFO: Open of `/vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable'
      using driver `OpenFileGDB' successful.

Layer name: GDB_SpatialRefs
Geometry: Unknown (any)
Feature Count: 2
Layer SRS WKT:
(unknown)
FID Column = ID
SRTEXT: String (0.0)
FalseX: Real (0.0)
FalseY: Real (0.0)
XYUnits: Real (0.0)
FalseZ: Real (0.0)
ZUnits: Real (0.0)
FalseM: Real (0.0)
MUnits: Real (0.0)
XYTolerance: Real (0.0)
ZTolerance: Real (0.0)
MTolerance: Real (0.0)
OGRFeature(GDB_SpatialRefs):1
  SRTEXT (String) = GEOGCS["GCS_WGS_1984",DATUM["D_WGS_1984",SPHEROID["WGS_1984",6378137.0,298.257223563]],PRIMEM["Greenwich",0.0],UNIT["Degree",0.0174532925199433]]
  FalseX (Real) = -180
  FalseY (Real) = -90
  XYUnits (Real) = 1000000
  FalseZ (Real) = (null)
  ZUnits (Real) = (null)
  FalseM (Real) = (null)
  MUnits (Real) = (null)
  XYTolerance (Real) = 2e-06
  ZTolerance (Real) = (null)
  MTolerance (Real) = (null)

==23995== Invalid write of size 1
==23995==    at 0x5A9D483: OpenFileGDB::FileGDBTable::SelectRow(int) (filegdbtable.cpp:1082)
==23995==    by 0x5D09FBD: OGROpenFileGDBLayer::GetNextFeature() (ogropenfilegdblayer.cpp:1249)
==23995==    by 0x40434D: ReportOnLayer(OGRLayer*, char const*, char const*, OGRGeometry*) (ogrinfo.cpp:557)
==23995==    by 0x403929: main (ogrinfo.cpp:334)
==23995==  Address 0x17785ab2 is 0 bytes after a block of size 242 alloc'd
==23995==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==23995==    by 0x5A05BB1: VSIMalloc (cpl_vsisimple.cpp:505)
==23995==    by 0x5A9BD7C: OpenFileGDB::FileGDBTable::Open(char const*) (filegdbtable.cpp:670)
==23995==    by 0x5D06F89: OGROpenFileGDBLayer::BuildLayerDefinition() (ogropenfilegdblayer.cpp:255)
==23995==    by 0x5D07723: OGROpenFileGDBLayer::GetGeomType() (ogropenfilegdblayer.cpp:414)
==23995==    by 0x403D89: ReportOnLayer(OGRLayer*, char const*, char const*, OGRGeometry*) (ogrinfo.cpp:460)
==23995==    by 0x403929: main (ogrinfo.cpp:334)
==23995==
OGRFeature(GDB_SpatialRefs):2
  SRTEXT (String) = GEOGCS["GCS_Australian_Antarctic_1998",DATUM["D_Australian_Antarctic_1998",SPHEROID["GRS_1980",6378137.0,298.257222101]],PRIMEM["Greenwich",0.0],UNIT["Degree",0.0174532925199433]]
  FalseX (Real) = -400
  FalseY (Real) = -400
  XYUnits (Real) = 1000000000
  FalseZ (Real) = -100000
  ZUnits (Real) = 10000
  FalseM (Real) = (null)
  MUnits (Real) = (null)
  XYTolerance (Real) = 8.983153e-09
  ZTolerance (Real) = 0.001
  MTolerance (Real) = (null)
```
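A triage helper for memcheck records like the one in the trace above, added here as an example; it is not part of the ticket or of GDAL. It parses the `Invalid write` record into the access size, the number of bytes written past the block, and the faulting and allocating source lines, which is what a regression check on the attached dataset would assert on. The function names and the `WRAPPERS` skip list are assumptions of this example.

```python
import re

# Excerpt of the memcheck record from the trace above (call stacks shortened).
SAMPLE = """\
==23995== Invalid write of size 1
==23995==    at 0x5A9D483: OpenFileGDB::FileGDBTable::SelectRow(int) (filegdbtable.cpp:1082)
==23995==    by 0x5D09FBD: OGROpenFileGDBLayer::GetNextFeature() (ogropenfilegdblayer.cpp:1249)
==23995==  Address 0x17785ab2 is 0 bytes after a block of size 242 alloc'd
==23995==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
==23995==    by 0x5A05BB1: VSIMalloc (cpl_vsisimple.cpp:505)
==23995==    by 0x5A9BD7C: OpenFileGDB::FileGDBTable::Open(char const*) (filegdbtable.cpp:670)
==23995==
"""

PREFIX = re.compile(r"^==\d+==")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)$")
BLOCK = re.compile(r"^Address 0x[0-9a-fA-F]+ is (\d+) bytes (after|before|inside) "
                   r"a block of size (\d+) (alloc'd|free'd)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?)(?: \(([^()]+:\d+)\))?$")
# Allocator wrappers skipped when naming the allocation site (assumed list).
WRAPPERS = {"malloc", "calloc", "realloc", "VSIMalloc"}

def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in memcheck text output."""
    records, cur, stack = [], None, None
    for raw in text.splitlines():
        if not PREFIX.match(raw):
            continue                      # program output interleaved with the log
        line = PREFIX.sub("", raw).strip()
        if m := ACCESS.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "access": [], "alloc": []}
            stack = cur["access"]
            records.append(cur)
        elif cur and (m := BLOCK.match(line)):
            cur.update(offset=int(m[1]), where=m[2], block=int(m[3]), state=m[4])
            stack = cur["alloc"]          # frames that follow describe the heap block
        elif cur and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))    # (function, "file:line" or None)
        else:
            cur = None                    # bare "==PID==" line or other text ends a record
    return records

def triage(rec):
    """Summarise a record: bug class, bytes past the end, faulting and allocating sites."""
    overflow = (rec["kind"], rec.get("where"), rec.get("state")) == ("write", "after", "alloc'd")
    alloc_site = next((f for f in rec["alloc"] if f[0] not in WRAPPERS), None)
    return {"class": "heap-buffer-overflow (write)" if overflow else "other",
            "past_end": rec["offset"] + rec["size"] if overflow else 0,
            "fault": next(iter(rec["access"]), None), "alloc_site": alloc_site}
```

Running `valgrind` with `--error-exitcode=1` makes the same condition fail a test run directly; the parsed fields are useful for deduplicating reports by faulting and allocating line.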
Attachments (1)
Change History (3)
comment:1 by , 10 years ago
Description: | modified (diff) |
---|
by , 10 years ago
Attachment: | ticket5464.gdb.zip added |
---|
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
trunk r27302, branches/1.11 r27303 "OpenFileGDB: fix occasional write-after-end-of-buffer (#5464)"