Opened 12 years ago

Closed 12 years ago

#813 closed defect (duplicate)

Fix buffer overflow in FDO PostGis provider

Reported by: samwang
Owned by: Brent Robinson
Priority: major
Milestone: 3.7.0
Component: PostGIS Provider
Version: 3.7.0
Severity: 2
Keywords: buffer overflow
Cc:
External ID:

Description

There is a buffer overflow in the FDO PostGis provider, in Providers\GenericRdbms\Src\PostGis\Driver\fetch.c, line 143:

strncpy(buffer, fvalue, fvalue_length); buffer[fvalue_length] = '\0';

There is a chance that fvalue_length is larger than the actual buffer length, because Unicode characters are encoded in UTF-8, which means a character can be encoded in more than one byte and up to four bytes. But the buffer size allocated is just the logical length of the property as defined (the number of Unicode characters) in bytes. Thus a buffer overflow may happen.

This ticket addresses this problem.
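The sizing mismatch described above, shown as an added example that is not FDO code and not part of the original ticket: a buffer sized from the character count is too small for the UTF-8 byte length, so the copy has to be bounded by the buffer size or the buffer sized for four bytes per character. The helper names, the sample value and the truncate-at-character-boundary policy are assumptions; the ticket does not say how the provider was fixed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: three characters (U+65E5 U+672C U+8A9E), nine UTF-8 bytes. */
static const char SAMPLE[] = "\xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E";

/* Hypothetical helper: bytes needed for max_chars UTF-8 characters plus NUL
 * (4 bytes per character worst case). Returns 0 if the size would overflow. */
size_t utf8_buffer_size(size_t max_chars)
{
    if (max_chars > (SIZE_MAX - 1) / 4)
        return 0;
    return max_chars * 4 + 1;
}

/* Hypothetical bounded replacement for the strncpy/terminate pair: copies at
 * most buffer_size - 1 bytes, never splits a multi-byte sequence, always
 * NUL-terminates. Returns bytes copied; *truncated is set when data was cut. */
size_t copy_utf8_bounded(char *buffer, size_t buffer_size,
                         const char *fvalue, size_t fvalue_length,
                         int *truncated)
{
    size_t n = fvalue_length;
    *truncated = 0;
    if (buffer_size == 0) {
        *truncated = 1;
        return 0;
    }
    if (n > buffer_size - 1) {
        n = buffer_size - 1;
        *truncated = 1;
        /* Continuation bytes look like 10xxxxxx; back up to a character start. */
        while (n > 0 && ((unsigned char)fvalue[n] & 0xC0) == 0x80)
            n--;
    }
    memcpy(buffer, fvalue, n);
    buffer[n] = '\0';
    return n;
}

int main(void)
{
    char by_chars[3 + 1];   /* sized from the 3-character logical length */
    int cut;
    size_t n = copy_utf8_bounded(by_chars, sizeof by_chars, SAMPLE, sizeof SAMPLE - 1, &cut);
    printf("copied %zu of %zu bytes, truncated=%d\n", n, sizeof SAMPLE - 1, cut);
    return 0;
}
```

Sizing the destination with utf8_buffer_size avoids truncation entirely; the bounded copy is the backstop when the allocation cannot be changed.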

Change History (1)

comment:1 by samwang, 12 years ago

Resolution: duplicate
Status: new → closed