Buffer overflow in PamHistogramToXMLTree()
Reported by: Ari Jolma | Owned by: warmerdam
In this function there is a sprintf to a buffer (gdalpamrasterband.cpp:1107). The buffer is allocated with size 12*n + 10, n being the number of GUIntBig values to be written.
However, GUIntBig may be as big as 18446744073709551615 (http://stackoverflow.com/questions/589575/what-does-the-c-standard-state-the-size-of-int-long-type-to-be) which is 20 characters long. 12 is thus too small and it may and will cause a heap corruption error. This error appears sometimes in the Perl bindings test 03.t, which sets very large numbers into the default histogram. For example in http://www.cpantesters.org/cpan/report/503dafc2-a357-11e5-a04d-1fea233d5411
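The sizing problem described in this ticket, as an added example that is neither GDAL's code nor the reporter's: it compares the 12*n + 10 allocation with the worst case for 64-bit values and formats through a bounds-checked `snprintf`. The function names and the `|` separator between values are assumptions made for illustration.

```cpp
#include <cinttypes>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Allocation size quoted in the ticket: 12 bytes per value plus 10.
static size_t TicketBufferSize(size_t n) { return 12 * n + 10; }

// Worst case per 64-bit unsigned value: 20 digits + 1 separator; +1 for NUL.
static size_t SafeBufferSize(size_t n) { return 21 * n + 1; }

// Bytes (including NUL) needed to write the values joined by '|'.
// The '|' separator is an assumption; the ticket does not state the format.
static size_t RequiredSize(const std::vector<uint64_t> &vals)
{
    size_t need = 1;  // terminating NUL
    for (size_t i = 0; i < vals.size(); ++i)
    {
        int len = std::snprintf(nullptr, 0, "%" PRIu64, vals[i]);
        need += static_cast<size_t>(len) + (i ? 1 : 0);
    }
    return need;
}

// Bounded formatter: each write is checked against the remaining space, so
// an undersized buffer produces an error return instead of heap corruption.
static bool FormatCounts(const std::vector<uint64_t> &vals, char *buf, size_t cap)
{
    if (cap == 0) return false;
    buf[0] = '\0';
    size_t off = 0;
    for (size_t i = 0; i < vals.size(); ++i)
    {
        int w = std::snprintf(buf + off, cap - off, "%s%" PRIu64,
                              i ? "|" : "", vals[i]);
        if (w < 0 || static_cast<size_t>(w) >= cap - off)
            return false;  // value would not fit in the remaining space
        off += static_cast<size_t>(w);
    }
    return true;
}

int main()
{
    std::vector<uint64_t> big(4, UINT64_MAX);  // constructed sample input
    std::printf("allocated=%zu required=%zu safe=%zu\n",
                TicketBufferSize(big.size()), RequiredSize(big),
                SafeBufferSize(big.size()));
    return 0;
}
```

A single maximum-size value still fits in 12*1 + 10 = 22 bytes; the shortfall starts at two such values, which matches the ticket's note that the error only appears sometimes.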