Ticket #1613 (assigned defect)
segmentation fault in mapimagemap.c when creating large imagemaps
| Reported by: | roland@… | Owned by: | sdlime |
| Component: | MapServer C Library | Version: | unspecified |
Mapserver crashes (segmentation fault) when using the imagemap driver to generate a large HTML map. This bug is caused by a buffer overflow in the vsprintf function in mapimagemap.c. The function im_iprintf is used to concat a string and increase the allocated buffer size if the remaining size is too small. The buffer size is checked by using the return value of vsnprintf. This cannot be checked by using the return value of the vsprintf function. On 2004/11/23 17:09:05, Revision 1.19, Frank added a compiler check on vsnprintf before using it. If HAVE_VSNPRINTF is undefined (why is it undefined?), the vsprintf function will be used. This causes a buffer overflow when the generated HTML is larger than the buffer size.
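The grow-and-retry pattern the report describes, as an added example that is not MapServer's code and not part of the original ticket: the bounded vsnprintf call reports how many bytes the output needs, so the buffer can be enlarged before anything is written past its end. The names `strbuf` and `sb_appendf` are hypothetical, and C99 vsnprintf return semantics are assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string, not MapServer's own structure. */
struct strbuf {
    char  *data;  /* NUL-terminated contents, NULL while empty */
    size_t len;   /* bytes used, excluding the NUL */
    size_t cap;   /* bytes allocated */
};

/* Append formatted text; grow and retry when vsnprintf reports that the
 * output did not fit. Returns 0 on success, -1 on error.
 * Assumes C99 vsnprintf: the return value is the length required. */
int sb_appendf(struct strbuf *sb, const char *fmt, ...)
{
    for (;;) {
        size_t room = sb->cap - sb->len;
        va_list ap;
        int n;

        va_start(ap, fmt);  /* restarted on every attempt */
        /* Bounded write: at most `room` bytes are stored. */
        n = vsnprintf(sb->data ? sb->data + sb->len : NULL, room, fmt, ap);
        va_end(ap);

        if (n < 0)
            return -1;                  /* formatting error */
        if ((size_t)n < room) {         /* fitted, terminator included */
            sb->len += (size_t)n;
            return 0;
        }

        /* Truncated: need len + n + 1 bytes, grow at least twofold. */
        size_t want = sb->len + (size_t)n + 1;
        if (want < sb->cap * 2)
            want = sb->cap * 2;
        char *p = realloc(sb->data, want);
        if (p == NULL)
            return -1;                  /* old buffer is still valid */
        sb->data = p;
        sb->cap = want;
        sb->data[sb->len] = '\0';       /* keep contents terminated */
    }
}
```

A plain vsprintf call has no size argument and returns its count only after writing, which is why the same check cannot be built on it.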