Ticket #2572 (closed defect: fixed)
Segmentation fault in msSplitData in maporaclespatial.c
|Reported by:||aalbarello||Owned by:||fsimon@…|
|Component:||Input - Native Oracle Spatial Support||Version:||svn-trunk (development)|
data_version is defined as char in function msSplitData on line 284 of maporaclespatial.c (as of svn-trunk revision 7504), although on lines 424 through 429 up to 4 bytes are copied into the string (e.g. "VERSION 10g" in the DATA definition leads to "10g" plus the final null character being written to the buffer). This can cause segmentation faults, and particularly so on Linux, most likely due to the different memory alignment. Defining data_version as char solves the problem.
Adding some length checks to avoid similar buffer overflows in msSplitData, at least as far as data_version and tok_function is concerned, wouldn't hurt anyways.