Opened 8 years ago

Last modified 8 years ago

#6312 closed defect

Memory access violation in OGRFeature::SetGeomField when old and new pointers refer to the same geometry — at Version 1

Reported by: dsogari
Owned by: warmerdam
Priority: normal
Milestone: 2.0.2
Component: default
Version: svn-trunk
Severity: normal
Keywords: OGRfeature SetGeomField
Cc:

Description (last modified by dsogari)

Perhaps this is not a naturally occurring use case scenario, but the SetGeomField member function of OGRFeature that takes the field index as parameter is not robust, in that it does not check whether the old geometry pointer is the same as the new one. In the case that they are the same (papoGeometries[iField] == poGeomIn), the call of the clone() method (line 744 of ogrfeature.cpp in trunk) causes a memory access violation, because the geometry's destructor is executed in the preceding delete statement (line 741 of ogrfeature.cpp).

Fix: save papoGeometries[iField] to a temp variable and delete it afterwards

OGRGeometry *oldGeometry = papoGeometries[iField];

...

delete oldGeometry;

I guess that SetGeomFieldDirectly should also have a similar check, despite the nonsensical nature of this use case scenario.
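The aliasing hazard described in this ticket, shown on a small stand-alone model. This is an added example, not GDAL code and not from the reporter: `Geometry`, `Feature`, `SetUnsafe`, `SetCopy` and `SetDirectly` are hypothetical names, and the no-op check in `SetDirectly` is an assumption about what a "similar check" in an ownership-taking setter would look like.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Stand-in for a geometry class: a heap object with a clone() method.
struct Geometry {
    std::string wkt;
    explicit Geometry(std::string w) : wkt(std::move(w)) {}
    Geometry *clone() const { return new Geometry(wkt); }
};

// Stand-in for a feature that owns one geometry pointer per geometry field.
class Feature {
    std::vector<Geometry *> fields_;
public:
    explicit Feature(std::size_t n) : fields_(n, nullptr) {}
    ~Feature() { for (Geometry *g : fields_) delete g; }
    Feature(const Feature &) = delete;
    Feature &operator=(const Feature &) = delete;

    Geometry *Get(std::size_t i) const { return fields_[i]; }

    // Pattern from the ticket: delete first, clone second.
    // If geomIn == fields_[i], clone() reads an object that was just freed.
    void SetUnsafe(std::size_t i, const Geometry *geomIn) {
        delete fields_[i];
        fields_[i] = geomIn ? geomIn->clone() : nullptr;
    }

    // Fix proposed in the ticket: remember the old pointer, clone the input
    // while it is still alive, and only then delete the old object.
    void SetCopy(std::size_t i, const Geometry *geomIn) {
        Geometry *old = fields_[i];
        fields_[i] = geomIn ? geomIn->clone() : nullptr;
        delete old;
    }

    // Ownership-taking setter (assumed shape): when the caller passes the
    // pointer the field already holds, deleting it would leave the field
    // dangling, so the call is treated as a no-op.
    void SetDirectly(std::size_t i, Geometry *geomIn) {
        if (fields_[i] == geomIn) return;
        delete fields_[i];
        fields_[i] = geomIn;
    }
};
```

Building the model with AddressSanitizer (`-fsanitize=address`) and calling `SetUnsafe(0, f.Get(0))` reports a heap-use-after-free, which is a quick way to confirm the same class of bug in a regression test.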

Change History (1)

comment:1 by dsogari, 8 years ago

Description: modified (diff)