Opened 11 years ago

Closed 10 years ago

#2996 closed defect (fixed)

OGR expression parser causes access violations with large expressions

Reported by: tamas Owned by: tamas
Priority: normal Milestone: 1.6.2
Component: default Version: unspecified
Severity: normal Keywords:
Cc:

Description

Currently the expression tokenizer has a limitation of max 1024 tokens stored in a preallocated array. When reaching the upper limit an access violation may occur due to some incorrect hanglings when the sub-expressions are processed. The following patch aims to remove this limit and prevent from these errors. I should also be considered to minimize the recursion level as much as possible to prevent from the potential stack overflow in the future.

Attachments (1)

swq.c.patch (1.6 KB) - added by tamas 11 years ago.

Download all attachments as: .zip

Change History (3)

Changed 11 years ago by tamas

Attachment: swq.c.patch added

comment:1 Changed 11 years ago by tamas

Milestone: 1.6.11.6.2

Applied the fix in r17020 and r17018

comment:2 Changed 10 years ago by Even Rouault

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.