Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#4592 closed defect (fixed)

ParseCoordinate in kmlnode.cpp causes stack overflow

Reported by: avitebskiy Owned by: warmerdam
Priority: normal Milestone: 1.9.1
Component: OGR_SF Version: unspecified
Severity: normal Keywords:
Cc:

Description

How to reproduce: Run ParseCoordinate? from gdal 1.8.0 version of ogr/ogrsf_frmts/kml/kmlnode.cpp with a valid set of coordinates like "1,1,1", make sure that the last character is a digit. Line 101 of kmlnode.cpp will produce an "index out of range" assertion.

Impact: While normally this will not fail, it potentially can cause unexpected problems.

Resolution: see attached patch

Attachments (1)

kmlnode.cpp-1.8.0.patch (397 bytes) - added by avitebskiy 8 years ago.

Download all attachments as: .zip

Change History (3)

Changed 8 years ago by avitebskiy

Attachment: kmlnode.cpp-1.8.0.patch added

comment:1 Changed 8 years ago by Even Rouault

Component: defaultOGR_SF
Milestone: 1.9.1
Resolution: fixed
Status: newclosed

I've not managed to reproduce any crash, but indeed I think there might have been out of range access. I've fixed it differently. Fixed in trunk (r24175) and in branches/1.9 (r24176)

comment:2 Changed 8 years ago by Even Rouault

r24177 /trunk/gdal/ogr/ogrsf_frmts/kml/kmlnode.cpp: KML: simplify ParseCoordinate?() implementation (#4592)

r24178 /branches/1.9/gdal/ogr/ogrsf_frmts/kml/kmlnode.cpp: KML: simplify ParseCoordinate?() implementation (#4592)

Note: See TracTickets for help on using tickets.