Opened 17 years ago
Closed 17 years ago
#1768 closed defect (fixed)
Uninitialized memory in WMS driver's gdalhttp.c
Reported by: | Daniel Morissette | Owned by: | Daniel Morissette |
---|---|---|---|
Priority: | normal | Milestone: | 1.5.0 |
Component: | default | Version: | svn-trunk |
Severity: | normal | Keywords: | |
Cc: | nowakpl |
Description
Valgrind reports the following when running gdal_translate on a WMS data source:
```
==10260== Conditional jump or move depends on uninitialised value(s)
==10260==    at 0x416A022: CPLHTTPFetchMulti(CPLHTTPRequest*, int) (gdalhttp.cpp:189)
==10260==    by 0x4236660: GDALWMSRasterBand::IReadBlock(int, int, void*) (rasterband.cpp:116)
==10260==    by 0x4290D60: GDALRasterBand::GetLockedBlockRef(int, int, int) (gdalrasterband.cpp:1087)
==10260==    by 0x42A37D2: GDALRasterBand::IRasterIO(GDALRWFlag, int, int, int, int, void*, int, int, GDALDataType, int, int) (rasterio.cpp:89)
==10260==    by 0x4235D1E: GDALWMSRasterBand::IRasterIO(GDALRWFlag, int, int, int, int, void*, int, int, GDALDataType, int, int) (rasterband.cpp:168)
==10260==    by 0x428F92F: GDALRasterBand::RasterIO(GDALRWFlag, int, int, int, int, void*, int, int, GDALDataType, int, int) (gdalrasterband.cpp:225)
==10260==    by 0x42334CF: PNGCreateCopy(char const*, GDALDataset*, int, char**, int (*)(double, char const*, void*), void*) (pngdataset.cpp:1131)
==10260==    by 0x427E705: GDALDriver::CreateCopy(char const*, GDALDataset*, int, char**, int (*)(double, char const*, void*), void*) (gdaldriver.cpp:406)
==10260==    by 0x427E8CB: GDALCreateCopy (gdaldriver.cpp:445)
==10260==    by 0x804B37C: ProxyMain(int, char**) (gdal_translate.cpp:575)
==10260==    by 0x804BEFF: main (gdal_translate.cpp:865)
```
Change History (2)
comment:1 by , 17 years ago
Status: | new → assigned |
---|
comment:2 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
The problem was that psRequest->m_curl_error was malloc'd but was not initialized (i.e. null-terminated) so the test on (psRequest->m_curl_error[0] != '\0') at the end of CPLHTTPFetchMulti() was reading uninitialized memory.
Fixed in r11974 by setting psRequest->m_curl_error[0] = '\0' after allocating the buffer.
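The bug pattern and the fix described in this ticket, as an added example that is not GDAL's code: `request_t`, `ERR_BUF_SIZE` and the function names are hypothetical stand-ins, and only the `m_curl_error` buffer is modelled. A poisoning allocator (an assumption of this sketch) fills fresh memory with 0xAA so the "before" case reads a defined, repeatable value instead of whatever `malloc` happens to return.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define ERR_BUF_SIZE 256   /* assumed size; the ticket does not state it */

/* Hypothetical stand-in for the request struct; only the error buffer is modelled. */
typedef struct { char *m_curl_error; } request_t;

/* Debug allocator: fills fresh memory with 0xAA so that "uninitialized"
 * contents are defined and deterministic for this demonstration. */
static void *poison_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

/* Before the fix: buffer allocated, first byte never set. */
static int init_request_before(request_t *r) {
    r->m_curl_error = poison_malloc(ERR_BUF_SIZE);
    return r->m_curl_error != NULL;
}

/* After the fix: buffer is an empty string until something writes an error. */
static int init_request_after(request_t *r) {
    r->m_curl_error = poison_malloc(ERR_BUF_SIZE);
    if (!r->m_curl_error) return 0;
    r->m_curl_error[0] = '\0';
    return 1;
}

/* The end-of-fetch test from the ticket: a non-empty buffer means failure. */
static int request_failed(const request_t *r) {
    return r->m_curl_error[0] != '\0';
}

/* Simulates a transfer that writes no error; returns the test's verdict (-1 on OOM). */
static int spurious_error(int (*init)(request_t *)) {
    request_t r;
    if (!init(&r)) return -1;
    int failed = request_failed(&r);
    free(r.m_curl_error);
    return failed;
}

int main(void) {
    printf("before fix: failed=%d\n", spurious_error(init_request_before));
    printf("after fix:  failed=%d\n", spurious_error(init_request_after));
    return 0;
}
```

With plain `malloc` the "before" result depends on stale heap contents, which is why the defect showed up as a Valgrind report.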