Opened 16 years ago
Closed 16 years ago
#2572 closed defect (fixed)
Segmentation fault in msSplitData in maporaclespatial.c
| Reported by: | aalbarello | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 5.2 release |
| Component: | Input - Native Oracle Spatial Support | Version: | svn-trunk (development) |
| Severity: | normal | Keywords: | |
| Cc: | sdlime |
Description
data_version is defined as char[3] in function msSplitData on line 284 of maporaclespatial.c (as of svn-trunk revision 7504), although on lines 424 through 429 up to 4 bytes are copied into the string (e.g. "VERSION 10g" in the DATA definition leads to "10g" plus the final null character being written to the buffer). This can cause segmentation faults, and particularly so on Linux, most likely due to the different memory alignment. Defining data_version as char[4] solves the problem.
Adding some length checks to avoid similar buffer overflows in msSplitData, at least as far as data_version and tok_function is concerned, wouldn't hurt anyways.
Attachments (1)
Change History (4)
comment:1 by , 16 years ago
| Component: | MapServer C Library → Input - Native Oracle Spatial Support |
|---|---|
| Milestone: | → 5.2 release |
| Owner: | changed from to |
| Version: | 5.0 → svn-trunk (development) |
comment:2 by , 16 years ago
| Cc: | added; removed |
|---|
Note:
See TracTickets
for help on using tickets.
I hope this can be fixed in time for Mapserver 5.2. CC'ing Steve as the fix is trivial and I haven't yet heard from the Oracle Spatial maintainer.
Andreas