Opened 9 years ago
Closed 8 years ago
#6120 closed defect (fixed)
OGRSXFLayer::TranslatePolygon validating the number of records
Reported by: | Kurt Schwehr | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | default | Version: | svn-trunk |
Severity: | normal | Keywords: | |
Cc: | bishop |
Description (last modified by )
CID 139115 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR) 9. tainted_data: Using tainted variable nCoords as a loop boundary.
I think that the solution is make sure that the number of records in the buffer * the size of a record is the same as the buffer size. I've added a warning and TODO's into the method. I added the 6 to make the values match, but I'm not familar with the SXF format. Would be great to get some help with what should be the correct value in the check and how to properly manage an error.
Change History (4)
comment:1 by , 9 years ago
Description: | modified (diff) |
---|
comment:2 by , 9 years ago
Cc: | added |
---|
comment:3 by , 9 years ago
According to SXF format specification the geometry size stored in sxf file. So I allocated the buffer for such value: https://github.com/OSGeo/gdal/blob/trunk/gdal/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp#L767
And than in TranslatePolygon I additionally check if buffer is not overload:
https://github.com/OSGeo/gdal/blob/trunk/gdal/ogr/ogrsf_frmts/sxf/ogrsxflayer.cpp#L1369
Breaking (not aborting) if buffer overload only stops reading this record and gave chance to read others. Also buffer overloading indicating that SXF file corrupted (but I never faced such problem).
So I think additional checking not needed here.
If you need some samples you can grab some OSM data in SXF format here: http://www.gisinfo.ru/price/price_map.htm For example: http://gistoolkit.ru/download/osm/ru-mow.sxf.zip
comment:4 by , 8 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
6 months not change. Think everything is ok. If I'm not right, please reopen.
Adding Dmitry in CC