Opened 17 years ago

Closed 17 years ago

#2132 closed defect (fixed)

Invalid pointer access in msGetEncodedString()

Reported by: dmorissette
Owned by: dmorissette
Priority: normal
Milestone:
Component: MapServer C Library
Version:
Severity: normal
Keywords:
Cc: sdlime

Description

Using valgrind I found that msGetEncodedString() will sometimes allocate a 0-size buffer for the output string if the input string len is 0. This can lead to invalid memory writes.

Change History (1)

comment:1 by dmorissette, 17 years ago

Resolution: fixed
Status: new → closed

Fixed in branch 4.10 (r6245) by allocating a large enough buffer. Note that this possible error condition was not encountered often (if at all) in 4.10 because msGetEncodedString() was only called inside the label cache rendering code.

However in 4.99 (future 5.0) the call to msGetEncodedString() has been moved earlier in the process and 0-size strings are more common at that point. The fix in the SVN trunk (r6246) also includes some tests to do nothing if len is 0 or if the source encoding is already UTF-8. We also removed an unnecessary copy of the input buffer that was made.
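The following is an added illustration of the bug class and the guards the ticket describes; it is not MapServer's code and not part of the ticket. The function `encode_to_utf8()`, its helper `is_utf8()`, and the ISO-8859-1 to UTF-8 conversion (used in place of a real conversion library so the example is self-contained) are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: case-insensitive match against "UTF-8". */
static int is_utf8(const char *enc)
{
    const char *ref = "utf-8";
    if (enc == NULL) return 0;
    while (*enc && *ref && tolower((unsigned char)*enc) == *ref) { enc++; ref++; }
    return *enc == '\0' && *ref == '\0';
}

/* Hypothetical stand-in for an encoding routine: converts ISO-8859-1
 * input to UTF-8. Returns a malloc'd string the caller frees, or NULL. */
char *encode_to_utf8(const char *in, const char *src_encoding)
{
    size_t len, i, o = 0;
    char *out;

    if (in == NULL) return NULL;
    len = strlen(in);

    /* Guards from the ticket: do nothing if len is 0 or the source is
     * already UTF-8. A plain copy is returned, sized len + 1. */
    if (len == 0 || is_utf8(src_encoding)) {
        out = malloc(len + 1);
        if (out != NULL) memcpy(out, in, len + 1);
        return out;
    }

    /* Each Latin-1 byte expands to at most 2 UTF-8 bytes. The "+ 1"
     * reserves the terminator: sizing by len * 2 alone yields a 0-byte
     * allocation for empty input, and out[0] = '\0' is then an invalid
     * write of the kind valgrind reports. */
    if (len > (SIZE_MAX - 1) / 2) return NULL;
    out = malloc(len * 2 + 1);
    if (out == NULL) return NULL;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c < 0x80) {
            out[o++] = (char)c;
        } else {
            out[o++] = (char)(0xC0 | (c >> 6));
            out[o++] = (char)(0x80 | (c & 0x3F));
        }
    }
    out[o] = '\0';
    return out;
}
```

Running the empty-string case under valgrind or AddressSanitizer is the quickest regression check for this class of bug, since a 1-byte overrun of a 0-byte allocation rarely crashes on its own.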
