Opened 13 years ago
Closed 13 years ago
#4020 closed defect (fixed)
Out of memory error in NITFLoadAttributeSection
Reported by: | rprinceley | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | 1.8.1 |
Component: | GDAL_Raster | Version: | svn-trunk |
Severity: | normal | Keywords: | NITF |
Cc: | gaopeng |
Description
Attached NITF triggers an OOM error (nASSSize is -43) in function NITFLoadAttributeSection():
```c
    if (nNextOffset > 0 && nNextOffset - nASSOffset > nASSSize)
        nASSSize = nNextOffset - nASSOffset;

    /* Be sure that the attribute subsection is large enough to hold the */
    /* offset table (otherwise NITFFetchAttribute could read out of the buffer) */
    if (nASSSize < 8 * nAttrCount)
    {
        CPLError( CE_Warning, CPLE_AppDefined,
                  "Attribute subsection not large enough (%d bytes) to contain %d attributes.",
                  nASSSize, nAttrCount );
        return;
    }

/* -------------------------------------------------------------------- */
/*      Load the attribute table.                                       */
/* -------------------------------------------------------------------- */
    pabyAttributeSubsection = (GByte *) VSIMalloc(nASSSize);
    if( pabyAttributeSubsection == NULL )
```
Attachments (1)
Change History (3)
by , 13 years ago
Attachment: | underflow.ntf added |
---|
comment:1 by , 13 years ago
Status: | new → assigned |
---|
comment:2 by , 13 years ago
Keywords: | NITF added |
---|---|
Milestone: | → 1.8.1 |
Resolution: | → fixed |
Status: | assigned → closed |
The problem is the segment size adjustment done by:
The nNextOffset is actually less than nASSOffset, so nASSSize is adjusted to what would be a negative value, but wraps to a large positive value since nASSSize is 32-bit unsigned. I will try to come up with some improved logic around the "next segment offset" detection for this hacky workaround.
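The wraparound described in the comment above, reproduced as an added example that is not part of the ticket and is not the fix GDAL shipped. It assumes all three offsets and sizes are 32-bit unsigned; the function names, the `nFileSize` bound and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Mirrors the adjustment quoted in the ticket. Assumption: all three
 * values are 32-bit unsigned, as the comment says nASSSize is. */
static uint32_t ass_size_unchecked(uint32_t nASSOffset, uint32_t nASSSize,
                                   uint32_t nNextOffset)
{
    if (nNextOffset > 0 && nNextOffset - nASSOffset > nASSSize)
        nASSSize = nNextOffset - nASSOffset; /* wraps if next < offset */
    return nASSSize;
}

/* Hypothetical hardened variant: returns 0 and stores the size on
 * success, -1 when the header values are inconsistent. */
static int ass_size_checked(uint32_t nASSOffset, uint32_t nASSSize,
                            uint32_t nNextOffset, uint32_t nAttrCount,
                            uint64_t nFileSize, uint32_t *pnOut)
{
    /* Subtract only when the result cannot go below zero. */
    if (nNextOffset > nASSOffset && nNextOffset - nASSOffset > nASSSize)
        nASSSize = nNextOffset - nASSOffset;
    /* 64-bit arithmetic so the product and the sum below cannot wrap. */
    if ((uint64_t)nASSSize < 8ULL * nAttrCount)
        return -1;
    /* Refuse a subsection that would extend past the end of the file. */
    if ((uint64_t)nASSOffset + nASSSize > nFileSize)
        return -1;
    *pnOut = nASSSize;
    return 0;
}

int main(void)
{
    /* Constructed values: next offset lies 43 bytes before the subsection. */
    uint32_t off = 1000, size = 64, next = 957, out = 0;
    printf("unchecked: %u\n", (unsigned)ass_size_unchecked(off, size, next));
    int rc = ass_size_checked(off, size, next, 4, 2048, &out);
    printf("checked: rc=%d size=%u\n", rc, (unsigned)out);
    return 0;
}
```

With the constructed values the unchecked path yields a size just under 4 GiB, which is what reaches the allocator and produces the out-of-memory error; the checked path keeps the declared 64 bytes.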