Opened 13 years ago
Closed 7 years ago
#814 closed defect (fixed)
Fix buffer overflow in FDO PostGis provider
Reported by: | samwang | Owned by: | Sam Wang |
---|---|---|---|
Priority: | major | Milestone: | 3.7.0 |
Component: | PostGIS Provider | Version: | 3.7.0 |
Severity: | 2 | Keywords: | buffer overflow |
Cc: | | External ID: | |
Description
There is a buffer overflow in the FDO PostGIS provider, in Providers\GenericRdbms\Src\PostGis\Driver\fetch.c line 143:
strncpy(buffer, fvalue, fvalue_length); buffer[fvalue_length] = '\0';
There is a chance that fvalue_length is larger than the actual buffer length, since Unicode characters are encoded in UTF-8, which means a character can be encoded in more than one byte and up to four bytes. But the buffer size allocated is just the defined logical length of the property (the number of Unicode characters) in bytes. Thus a buffer overflow may happen.
This ticket addresses this problem.
The fix is attached.
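The sizing mismatch described in this ticket, shown as an added example that is neither the attached patch nor FDO code: a bounded copy that never writes past the destination, next to a worst-case size calculation for UTF-8 data. The function names `utf8_buffer_size` and `copy_field` are hypothetical, and the sample value is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Worst-case byte size for a column declared as max_chars characters when
 * values arrive UTF-8 encoded: up to 4 bytes per character, plus the NUL. */
size_t utf8_buffer_size(size_t max_chars)
{
    return max_chars * 4 + 1;
}

/* Bounded replacement for the strncpy()/buffer[len] = '\0' pair: copies at
 * most dst_size - 1 bytes, always NUL-terminates, and cuts an oversized value
 * on a character boundary. Returns 0 = whole value copied, 1 = truncated,
 * -1 = bad arguments. */
int copy_field(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    size_t n = src_len;
    int truncated = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    if (n > dst_size - 1) {
        n = dst_size - 1;
        truncated = 1;
        /* src[n] is the first dropped byte; a 10xxxxxx continuation byte
         * there means the cut falls mid-character, so back up. */
        while (n > 0 && ((unsigned char)src[n] & 0xC0) == 0x80)
            n--;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

int main(void)
{
    /* Constructed sample: 3 characters, 9 bytes in UTF-8. */
    const char *value = "\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e";
    char by_chars[4];   /* sized from the character count: too small */
    char by_bytes[13];  /* utf8_buffer_size(3) */

    int r1 = copy_field(by_chars, sizeof by_chars, value, strlen(value));
    int r2 = copy_field(by_bytes, sizeof by_bytes, value, strlen(value));
    printf("by_chars: rc=%d len=%zu\n", r1, strlen(by_chars));
    printf("by_bytes: rc=%d len=%zu\n", r2, strlen(by_bytes));
    return 0;
}
```

A return value of 1 tells the caller the stored value was cut, so truncation can be logged or rejected instead of passing silently.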
Attachments (1)
Change History (2)
by , 13 years ago
Attachment: | BufferOverfowFix.patch added |
---|
comment:1 by , 7 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |