Context Navigation

← Previous Change
Ticket History
Next Change →

Changes between Initial Version and Version 1 of Ticket #5464

Timestamp:: May 8, 2014, 10:47:23 AM (10 years ago)
Author:: Even Rouault
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #5464 – Description

-              initial
+              v1
 There are situations where a few bytes can be written after then end of a buffer.
 For example with the attached dataset.
+{{{
+$ valgrind ogrinfo /vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable -al
+==23995== Memcheck, a memory error detector
+==23995== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
+==23995== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
+==23995== Command: ogrinfo /vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable -al
+==23995==
+Had to open data source read-only.
+INFO: Open of `/vsizip/ticket5464.gdb.zip/tmp.gdb/a00000003.gdbtable'
+      using driver `OpenFileGDB' successful.
+Layer name: GDB_SpatialRefs
+Geometry: Unknown (any)
+Feature Count: 2
+Layer SRS WKT:
+(unknown)
+FID Column = ID
+SRTEXT: String (0.0)
+FalseX: Real (0.0)
+FalseY: Real (0.0)
+XYUnits: Real (0.0)
+FalseZ: Real (0.0)
+ZUnits: Real (0.0)
+FalseM: Real (0.0)
+MUnits: Real (0.0)
+XYTolerance: Real (0.0)
+ZTolerance: Real (0.0)
+MTolerance: Real (0.0)
+OGRFeature(GDB_SpatialRefs):1
+  SRTEXT (String) = GEOGCS["GCS_WGS_1984",DATUM["D_WGS_1984",SPHEROID["WGS_1984",6378137.0,298.257223563]],PRIMEM["Greenwich",0.0],UNIT["Degree",0.0174532925199433]]
+  FalseX (Real) = -180
+  FalseY (Real) = -90
+  XYUnits (Real) = 1000000
+  FalseZ (Real) = (null)
+  ZUnits (Real) = (null)
+  FalseM (Real) = (null)
+  MUnits (Real) = (null)
+  XYTolerance (Real) = 2e-06
+  ZTolerance (Real) = (null)
+  MTolerance (Real) = (null)
+==23995== Invalid write of size 1
+==23995==    at 0x5A9D483: OpenFileGDB::FileGDBTable::SelectRow(int) (filegdbtable.cpp:1082)
+==23995==    by 0x5D09FBD: OGROpenFileGDBLayer::GetNextFeature() (ogropenfilegdblayer.cpp:1249)
+==23995==    by 0x40434D: ReportOnLayer(OGRLayer*, char const*, char const*, OGRGeometry*) (ogrinfo.cpp:557)
+==23995==    by 0x403929: main (ogrinfo.cpp:334)
+==23995==  Address 0x17785ab2 is 0 bytes after a block of size 242 alloc'd
+==23995==    at 0x4C274A8: malloc (vg_replace_malloc.c:236)
+==23995==    by 0x5A05BB1: VSIMalloc (cpl_vsisimple.cpp:505)
+==23995==    by 0x5A9BD7C: OpenFileGDB::FileGDBTable::Open(char const*) (filegdbtable.cpp:670)
+==23995==    by 0x5D06F89: OGROpenFileGDBLayer::BuildLayerDefinition() (ogropenfilegdblayer.cpp:255)
+==23995==    by 0x5D07723: OGROpenFileGDBLayer::GetGeomType() (ogropenfilegdblayer.cpp:414)
+==23995==    by 0x403D89: ReportOnLayer(OGRLayer*, char const*, char const*, OGRGeometry*) (ogrinfo.cpp:460)
+==23995==    by 0x403929: main (ogrinfo.cpp:334)
+==23995==
+OGRFeature(GDB_SpatialRefs):2
+  SRTEXT (String) = GEOGCS["GCS_Australian_Antarctic_1998",DATUM["D_Australian_Antarctic_1998",SPHEROID["GRS_1980",6378137.0,298.257222101]],PRIMEM["Greenwich",0.0],UNIT["Degree",0.0174532925199433]]
+  FalseX (Real) = -400
+  FalseY (Real) = -400
+  XYUnits (Real) = 1000000000
+  FalseZ (Real) = -100000
+  ZUnits (Real) = 10000
+  FalseM (Real) = (null)
+  MUnits (Real) = (null)
+  XYTolerance (Real) = 8.983153e-09
+  ZTolerance (Real) = 0.001
+  MTolerance (Real) = (null)
+}}}