Opened 20 years ago
Closed 20 years ago
#700 closed defect (duplicate)
mapcopy bug using same string twice
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | high | Milestone: | |
Component: | MapServer C Library | Version: | 4.3 |
Severity: | normal | Keywords: | |
Cc: |
Description
Hi, mapcopy has a bug in the copyWeb using copyStringProperty that existing sting in the original simply assignes to the destination. The freeMap then call free twice for the same pointer, and that makes heap corruption. The patch follows.
Attachments (2)
Change History (4)
by , 20 years ago
Attachment: | mapcopy.patch.txt added |
---|
comment:1 by , 20 years ago
Owner: | changed from | to
---|
comment:2 by , 20 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
This bug is obolete now. The proposed solution is in the #701. It resolves both memory corruption caused by strcpy overflow and stuct copy. The example of the problem is here: initMap... map->name = strdup("MS"); leter copying the map using copyStringProperty... if (*dst) strcpy(*dst, src); And that is the problem, cause the src might be (and mostly it is) larger then the allocated deault memory. *** This bug has been marked as a duplicate of 701 ***
Note:
See TracTickets
for help on using tickets.
using copyStringPropertyRealloc