Opened 11 years ago
Last modified 11 years ago
#5258 closed defect
HFA Driver: Few places caused access violation due to null strings — at Initial Version
| Reported by: | jefflacoste | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.10.2 |
| Component: | GDAL_Raster | Version: | 1.10.1 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
In 'hfaopen.cpp': Following lines use 'poPro->proName', 'poPro->proSpheroid.sphereName' and 'poPro->proExeName' and if any of them happen to be null, this cause an access violation and a crash.
1450 nSize = 34 + 15 * 8 1451 + 8 + strlen(poPro->proName) + 1 1452 + 32 + 8 + strlen(poPro->proSpheroid.sphereName) + 1; 1453 1454 if( poPro->proExeName != NULL ) 1455 nSize += strlen(poPro->proExeName) + 1; 1456 Also: 1600 nSize = 26 + strlen(poDatum->datumname) + 1 + 7*8;
I run into this while converting some .bt (binary terrain) to Erdas Imagine format.
1450 nSize = 34 + 15 * 8 1451 + 8 + strlen(poPro->proName) + 1 1452 + 32 + 8 + strlen(poPro->proSpheroid.sphereName) + 1; 1453 1454 if( poPro->proExeName != NULL ) 1455 nSize += strlen(poPro->proExeName) + 1; 1456
A simple fix would be to initialize the length to 0 and update it the string in question is not not null with the real length.
Also in 'hfaentry.cpp':
We are setting the string and if it happens to be null, SetFieldValue would cause a crash:
901 CPLErr HFAEntry::SetStringField( const char * pszFieldPath, 902 const char * pszValue ) 903 904 { 905 return SetFieldValue( pszFieldPath, 's', (void *) pszValue ); 906 }
Thanks
