Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#4592 closed defect (fixed)

ParseCoordinate in kmlnode.cpp causes stack overflow

Reported by: avitebskiy
Owned by: warmerdam
Priority: normal
Milestone: 1.9.1
Component: OGR_SF
Version: unspecified
Severity: normal
Keywords:


How to reproduce: Run ParseCoordinate from the gdal 1.8.0 version of ogr/ogrsf_frmts/kml/kmlnode.cpp with a valid set of coordinates like "1,1,1"; make sure that the last character is a digit. Line 101 of kmlnode.cpp will produce an "index out of range" assertion.

Impact: While normally this will not fail, it potentially can cause unexpected problems.

Resolution: see attached patch
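As an added illustration of the end-of-string case in this report (example code, not GDAL's ParseCoordinate and not the attached patch): a bounds-checked parser for a KML coordinates string, where every character read is guarded so that input ending on a digit such as "1,1,1" is never indexed past its last character. The tuple grammar (`lon,lat[,alt]`, tuples separated by whitespace) follows the KML format; the function and type names are this example's own.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// One KML coordinate tuple: lon,lat[,alt]; altitude defaults to 0 when absent.
struct KmlCoord { double x, y, z; };

// Parse a KML <coordinates> string ("lon,lat[,alt] lon,lat[,alt] ...").
// Every access input[i] is preceded by an explicit i < n check, so a string
// whose last character is a digit is consumed without reading past its end.
// Returns false on malformed input (empty component, trailing comma, fewer
// than two or more than three components per tuple, non-numeric token).
bool ParseKmlCoordinates(const std::string& input, std::vector<KmlCoord>& out)
{
    const std::size_t n = input.size();
    std::size_t i = 0;
    while (i < n) {
        // skip whitespace between tuples
        while (i < n && std::isspace(static_cast<unsigned char>(input[i]))) ++i;
        if (i >= n) break;
        double vals[3] = {0.0, 0.0, 0.0};
        int nVals = 0;
        for (;;) {
            // one numeric token: everything up to ',' or whitespace or end of string
            const std::size_t start = i;
            while (i < n && input[i] != ',' &&
                   !std::isspace(static_cast<unsigned char>(input[i]))) ++i;
            if (i == start || nVals == 3) return false;
            std::size_t used = 0;
            try { vals[nVals] = std::stod(input.substr(start, i - start), &used); }
            catch (...) { return false; }
            if (used != i - start) return false;   // token had trailing garbage
            ++nVals;
            if (i < n && input[i] == ',') { ++i; continue; }  // next component
            break;  // tuple ends at whitespace or at end of string
        }
        if (nVals < 2) return false;
        out.push_back({vals[0], vals[1], vals[2]});
    }
    return true;
}

// Convenience for callers: number of tuples parsed, or -1 on malformed input.
int CountKmlCoordinates(const std::string& input)
{
    std::vector<KmlCoord> v;
    return ParseKmlCoordinates(input, v) ? static_cast<int>(v.size()) : -1;
}
```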

Attachments (1)

kmlnode.cpp-1.8.0.patch (397 bytes) - added by avitebskiy 10 years ago.


Change History (3)

by avitebskiy, 10 years ago

Attachment: kmlnode.cpp-1.8.0.patch added

comment:1 by Even Rouault, 10 years ago

Component: default → OGR_SF
Milestone: 1.9.1
Resolution: fixed
Status: new → closed

I've not managed to reproduce any crash, but indeed I think there might have been out of range access. I've fixed it differently. Fixed in trunk (r24175) and in branches/1.9 (r24176).

comment:2 by Even Rouault, 10 years ago

r24177 /trunk/gdal/ogr/ogrsf_frmts/kml/kmlnode.cpp: KML: simplify ParseCoordinate() implementation (#4592)

r24178 /branches/1.9/gdal/ogr/ogrsf_frmts/kml/kmlnode.cpp: KML: simplify ParseCoordinate() implementation (#4592)
