#6312 closed defect (fixed)

Memory access violation in OGRFeature::SetGeomField when old and new pointers refer to the same geometry

Reported by: dsogari
Owned by: warmerdam
Priority: normal
Milestone: 2.0.2
Component: default
Version: svn-trunk
Severity: normal
Keywords: OGRfeature SetGeomField
Cc:

Description (last modified by dsogari)

Perhaps this is not a naturally occurring use case scenario, but the SetGeomField member function of OGRFeature that takes the field index as parameter is not robust, in that it does not check whether the old geometry pointer is the same as the new one. In the case that they are the same (papoGeometries[iField] == poGeomIn) the call of the clone() method (line 744 of ogrfeature.cpp in trunk) causes a memory access violation, because the geometry's destructor is executed in the preceding delete statement (line 741 of ogrfeature.cpp).

Fix: save papoGeometries[iField] to a temp variable and delete it afterwards

OGRGeometry *poOldGeometry = papoGeometries[iField];

...

delete poOldGeometry;

I guess that SetGeomFieldDirectly should also have a similar check, despite the nonsensical nature of this use case scenario.
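
The aliasing case described in this ticket, as an added example that is not part of the ticket or of GDAL's code. `Geom` and `Feature` are hypothetical stand-ins for OGRGeometry and OGRFeature; the block shows the delete-then-clone order beside a clone-before-delete setter and an ownership-taking setter that ignores the already installed pointer.

```cpp
#include <cstdio>

// Hypothetical stand-in for OGRGeometry; counts live objects to expose leaks.
struct Geom {
    static int live;
    int id;
    explicit Geom(int i) : id(i) { ++live; }
    Geom(const Geom &o) : id(o.id) { ++live; }
    ~Geom() { --live; }
    Geom *clone() const { return new Geom(*this); }
};
int Geom::live = 0;

// Hypothetical stand-in for OGRFeature with a single geometry field.
struct Feature {
    Geom *geom = nullptr;
    ~Feature() { delete geom; }

    // Order from the report: if in == geom, clone() reads a destroyed object.
    void setUnsafe(const Geom *in) {
        delete geom;
        geom = in ? in->clone() : nullptr;
    }

    // Copying setter: clone while the source is still alive, delete after.
    void setCopy(const Geom *in) {
        Geom *old = geom;
        geom = in ? in->clone() : nullptr;
        delete old;
    }

    // Ownership-taking setter: deleting an aliased pointer would dangle geom.
    void setDirectly(Geom *in) {
        if (in == geom) return;
        delete geom;
        geom = in;
    }
};

// Passes the currently installed pointer to both safe setters.
int selfAssignLiveCount() {
    Feature f;
    f.setDirectly(new Geom(7));
    f.setCopy(f.geom);      // aliasing: old object replaced by its clone
    f.setDirectly(f.geom);  // aliasing: no-op
    return (f.geom && f.geom->id == 7) ? Geom::live : -1;
}
int main() { std::printf("live=%d\n", selfAssignLiveCount()); return 0; }
```

Building with `-fsanitize=address` and calling `setUnsafe(f.geom)` reports the heap-use-after-free; the two safe setters leave exactly one live object.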

Change History (3)

comment:1 Changed 21 months ago by dsogari

Description: modified (diff)

comment:2 Changed 21 months ago by dsogari

Description: modified (diff)

comment:3 Changed 21 months ago by Even Rouault

Milestone: 2.0.2
Resolution: fixed
Status: new → closed

trunk r32999, branches/2.0 r33000 "OGRFeature::SetGeometry()/SetGeometryDirectly(): make it work when passed geometry is the currently installed geometry (#6312, derived from proposed fix by dsogari)"
