Opened 12 years ago

Closed 12 years ago

#2372 closed defect (fixed)

Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn

Reported by: copycd Owned by: Even Rouault
Priority: normal Milestone: 1.5.2
Component: GDAL_Raster Version: 1.5.1
Severity: normal Keywords: gtiff
Cc: warmerdam

Description

Please, look at line 230 of gt_wkt_srs.cpp file.

source code ------------

int nVersion; if( hGTIF != NULL )

GTIFDirectoryInfo( hGTIF, &nVersion, &nKeyCount );

--------------------------------

but, GTIFDirectoryInfo function parameter receive "int nVersion[]". and, use nVersion[0], nVersion[1], nVersion[3].

Why?

Change History (2)

comment:1 Changed 12 years ago by Even Rouault

Owner: changed from warmerdam to Even Rouault
Status: newassigned

comment:2 Changed 12 years ago by Even Rouault

Cc: warmerdam added
Component: defaultGDAL_Raster
Keywords: gtiff added
Milestone: 1.5.2
Resolution: fixed
Status: assignedclosed
Summary: I surmise bug in gdal library with version 1.5.1Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn

Thanks for the reporting ! Yes, it was definitely a buffer overflow.

Fixed in trunk in r14471 and in branches/1.5 in r14472

Note: See TracTickets for help on using tickets.