Opened 19 years ago

Closed 19 years ago

#1442 closed defect (fixed)

Segmentation fault when freeing attribute name

Reported by: silke.reimer@… Owned by: fsimon@…
Priority: high Milestone:
Component: Input - Native Oracle Spatial Support Version: unspecified
Severity: normal Keywords:
Cc:

Description

Hello!

I found a bug in msOracleSpatialLayerGetItems: to copy rzt (the attribute name
filled in by Oracle) into flk, strcpy is used. However, strcpy does not take care
that only the attribute name is copied. Thus flk is filled with lots of rubbish,
even if '\0' is filled in at the right position to ensure that printing the
attribute name works well.

In some cases (as it did for me) this can lead to segmentation faults. I fixed
this by using strncpy instead:

--- maporaclespatial.c.orig     Mon Aug 15 19:40:40 2005
+++ maporaclespatial.c  Mon Aug 15 19:41:28 2005
@@ -1951,7 +1951,7 @@
         }
         else
         {
-            strcpy(flk, rzt);
+            strncpy(flk, rzt, flk_len);
             /*memcpy(flk, rzt, flk_len); #FIXED*/
             flk[flk_len] = '\0';
         }
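Review bot: The bound passed to strncpy and the index in `flk[flk_len] = '\0';` are both flk_len, and nothing in the visible lines shows that flk holds at least flk_len + 1 bytes, so the terminator write lands one past the buffer if flk_len equals its allocated size. Please check flk_len against the size of flk before the copy, or add a comment pointing to where that is guaranteed. The commented-out `/*memcpy(flk, rzt, flk_len); #FIXED*/` line is dead code next to the new call and should be dropped rather than carried along.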

Many greetings,

       Silke
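
The copy problem described in this ticket, as an added example that is not part of the ticket or the project's code: a name occupying the first bytes of a fetch buffer with no terminator after it is copied with an explicit length and a destination-size check. The helper `copy_field_name`, the sample buffer and the use of memcpy in place of strncpy are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from maporaclespatial.c): copy a name that occupies
 * the first src_len bytes of src, which need not be NUL-terminated, into dst.
 * Returns the number of bytes copied, or -1 if dst cannot hold the name. */
static long copy_field_name(char *dst, size_t dst_size,
                            const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (src_len >= dst_size) {      /* no room for name + terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, src_len);      /* copy exactly the name, nothing after it */
    dst[src_len] = '\0';
    return (long)src_len;
}

/* Constructed sample: a fetch buffer holding "GEOM_ID" followed by leftover
 * bytes from an earlier, longer value and no terminator after the name. */
static const char sample_fetch[16] = {
    'G','E','O','M','_','I','D','X','X','X','X','X','X','X','X','X'
};

static int demo_exact(void)
{
    char name[8];   /* 7 characters + NUL */
    long n = copy_field_name(name, sizeof name, sample_fetch, 7);
    return n == 7 && strcmp(name, "GEOM_ID") == 0;
}

static int demo_too_small(void)
{
    char name[4];   /* cannot hold 7 characters + NUL */
    return copy_field_name(name, sizeof name, sample_fetch, 7) == -1
        && name[0] == '\0';
}

int main(void)
{
    printf("exact fit: %d, rejected when too small: %d\n",
           demo_exact(), demo_too_small());
    return 0;
}
```

An unbounded strcpy on the same sample buffer would keep reading past the 16 bytes until it happened to find a NUL, which is the out-of-bounds behaviour the ticket reports.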

Change History (1)

comment:1 by fsimon@…, 19 years ago

Resolution: fixed
Status: new → closed
The bug was fixed in CVSHEAD (4.6).