Opened 14 years ago
Closed 14 years ago
#2934 closed defect (fixed)
Memory overwrite while zooming an ECW image
| Reported by: | oren | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.6.1 |
| Component: | GDAL_Raster | Version: | unspecified |
| Severity: | normal | Keywords: | ECW |
| Cc: |
Description
Symptom: When calling GDALRasterIO() with a target region larger than the source region (the super sampling case), it causes a memory overwrite.
Solution: In ECWRasterBand::IRasterIO(), “ecwdataset.cpp”, line 446 - change the last parameter of memcpy() from “nLineSpace” to “nBufXSize * nPixelSpace”.
Change History (4)
comment:1 by , 14 years ago
| Keywords: | ECW added |
|---|---|
| Status: | new → assigned |
comment:2 by , 14 years ago
| Priority: | highest → normal |
|---|
comment:3 by , 14 years ago
I could reproduce the problem with an unusual size of buffer:
#include <gdal.h>
int main(int argc, char* argv[])
{
GDALAllRegister();
GDALDatasetH hDS = GDALOpen(argv[1], GA_ReadOnly);
int nBufXSize = 2;
int nBufYSize = 4;
int nPixelSpace = 2;
int nLineSpace = nPixelSpace * nBufXSize;
char* buf = (char*)malloc((nBufYSize-1)*nLineSpace+(nBufXSize-1)*nPixelSpace+1);
GDALRasterIO( GDALGetRasterBand(hDS, 1), GF_Read, 0, 0, 1, 2, buf, nBufXSize, nBufYSize, GDT_Byte, nPixelSpace, nLineSpace);
free(buf);
GDALClose(hDS);
return 0;
}
In the case, the suggested fix doesn't work.
Fix to follow.
comment:4 by , 14 years ago
| Milestone: | → 1.6.1 |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Oren,
I tried forcing supersampling with a command like:
and amoung other things this reported:
However, according to valgrind there was no buffer overwrites occuring. Can you give me more information on how to trigger this error? Does it require a situation nLineSpace is unusual? I'm guessing that it does.