Opened 15 years ago
Closed 14 years ago
#564 closed defect (fixed)
SHP provider crashed when reallocing memory in ReadRawDataBlock.
| Reported by: | StevenXu | Owned by: | StevenXu |
|---|---|---|---|
| Priority: | major | Milestone: | 3.5.0 |
| Component: | FDO API | Version: | 3.4.0 |
| Severity: | 2 | Keywords: | |
| Cc: | External ID: | 1242062 |
Description
The un-reasonble memory size directly results in this crash. For example, sometimes the size of reallocing memory is greater than 1 GB.
Why the SHP provider need to realloc so large size of memory? SHP provider should get the wrong size of the data block in runtime.
In some cases, the user's SHP file violated the SHP file specification so that our SHP provider misunderstand them.
Another possible reason, there is a defect in the function ShpFileSet::MakeSpace, which would corrupt SHP file under some extremed conditions. At last, this corrupted SHP file result in this crash.
Attachments (1)
Change History (5)
comment:1 by , 15 years ago
| Status: | new → assigned |
|---|
by , 15 years ago
| Attachment: | Ticket_564.patch added |
|---|
comment:2 by , 15 years ago
comment:3 by , 15 years ago
Steven's fix has been submitted to trunk - r5024.
Submission to 3.4 branch stream is pending.
comment:4 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Made submission to 3.4 branch stream as http://trac.osgeo.org/fdo/changeset/5102
It is obviously that SHP provider got the wrong size of memory in runtime.
Why it would happen?
In some cases, the user's SHP files violated the SHP file specification so that our SHP provider can't understand them and read an incredible size of the data block from them.
Another possible reason, there is a defect in the function
which could corrupt SHP file in some extreme cases. As a result, this corrupted SHP file leads to this crash.
The attachment "Ticket_564.patch" is the fix against: http://svn.osgeo.org/fdo/trunk/Providers/SHP/Src/Provider/ShpFileSet.cpp
It includes two fixes.
exceptions, eat these exceptions and return a Null Shape.
ShpFileSet::MakeSpace { ...... Line 655: while (shp->ReadFile (buffer + plus, size, &read) && (size == read)) Line 665: if (0 != read) ...... }The if statement isn't right and which would result in the last "excess" bytes of the file were missing , when the "while" statement success in reading the all bytes of the file once.