Opened 16 years ago
Closed 16 years ago
#2372 closed defect (fixed)
Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn
| Reported by: | copycd | Owned by: | Even Rouault |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.5.2 |
| Component: | GDAL_Raster | Version: | 1.5.1 |
| Severity: | normal | Keywords: | gtiff |
| Cc: | warmerdam |
Description
Please, look at line 230 of gt_wkt_srs.cpp file.
source code ------------
int nVersion; if( hGTIF != NULL )
GTIFDirectoryInfo( hGTIF, &nVersion, &nKeyCount );
--------------------------------
but, GTIFDirectoryInfo function parameter receive "int nVersion[]". and, use nVersion[0], nVersion[1], nVersion[3].
Why?
Change History (2)
comment:1 by , 16 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 16 years ago
| Cc: | added |
|---|---|
| Component: | default → GDAL_Raster |
| Keywords: | gtiff added |
| Milestone: | → 1.5.2 |
| Resolution: | → fixed |
| Status: | assigned → closed |
| Summary: | I surmise bug in gdal library with version 1.5.1 → Buffer overflow when calling GTIFDirectoryInfo in GTIFGetOGISDefn |
Note:
See TracTickets
for help on using tickets.
Thanks for the reporting ! Yes, it was definitely a buffer overflow.
Fixed in trunk in r14471 and in branches/1.5 in r14472