Opened 18 years ago

Last modified 16 years ago

#970 closed defect

OGRMakeWktCoordinate overflow — at Initial Version

Reported by: warmerdam Owned by: warmerdam
Priority: normal Milestone: 1.4.2
Component: OGR_SF Version: unspecified
Severity: normal Keywords:
Cc: warmerdam


From Carlos A. Rueda <>

I have just found that some "normal" double values make
OGRMakeWktCoordinate generate a segmentation fault because the
internal char arrays are too small for the sprintf formatting.
Below is a small program that demonstrates the problem:

$ g++ -Wall -lgdal
$ ./a.out
A extreme but normal double value = 0xffffffffffefffff
   printed with %g = -1.79769e+308
   isnormal(value) returns 1
   printed with %.15f, the format used by OGRMakeWktCoordinate, =
Segmentation fault

Note: I made the test on a little-endian machine.

Best regards,


///////////////// ///////////////////////
// OGRMakeWktCoordinate bug
#include "ogr_geometry.h"
#include "ogr_p.h"
#include <cstdio>
#include <cmath>
#include <cstdint>
#include <cstring>
using namespace std;

int main(int argc, char ** argv) {

    printf("A extreme but normal double value = 0xffffffffffefffff\n");
    // Two 32-bit words, low word first (little-endian layout); together
    // they form the bit pattern of -DBL_MAX. Fixed-width words and memcpy
    // keep this correct where long is 64 bits.
    uint32_t dd[2] = { 0xffffffff, 0xffefffff };
    double value;
    memcpy(&value, dd, sizeof value);

    printf("  printed with %%g = %g\n", value);
    printf("  isnormal(value) returns %d\n", isnormal(value));
    printf("  printed with %%.15f, the format used by OGRMakeWktCoordinate, = %.15f\n", value);

    // now, the bug:
    char szCoordinate[80];   // as in OGRPoint::exportToWkt

    OGRMakeWktCoordinate(szCoordinate, value, 0.0, 0.0, 2);

    // we don't get this far -> segfault!

    return 0;
}
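
The following is an added example, not part of the ticket and not GDAL's code. It measures how many characters the %.15f format needs for the value in the report, and shows a bounded formatter that falls back to a shorter format instead of overrunning its buffer. The helper names are hypothetical, and the 80-byte size is an assumption copied from the reproducer's szCoordinate.

```cpp
// Added example, not GDAL code. Helper names are hypothetical.
#include <cfloat>
#include <cstddef>
#include <cstdio>
#include <string>

// Characters "%.15f" needs for value, excluding the terminating NUL.
// snprintf with a null, zero-size buffer only measures; it writes nothing.
int fixed_width_needed(double value) {
    return snprintf(nullptr, 0, "%.15f", value);
}

// Format one ordinate into a caller-sized buffer without overrunning it.
// Tries "%.15f" first; if the result would not fit, falls back to "%.15g",
// whose output stays short for any finite double. Returns false if neither fits.
bool format_ordinate(char *dst, size_t dst_size, double value) {
    if (dst == nullptr || dst_size == 0) return false;
    int n = snprintf(dst, dst_size, "%.15f", value);
    if (n >= 0 && static_cast<size_t>(n) < dst_size) return true;
    n = snprintf(dst, dst_size, "%.15g", value);
    if (n >= 0 && static_cast<size_t>(n) < dst_size) return true;
    dst[0] = '\0';            // leave a valid empty string on failure
    return false;
}

// Convenience wrapper using an 80-byte buffer (assumed size, copied from
// the reproducer's szCoordinate); returns "" if formatting failed.
std::string ordinate_to_string(double value) {
    char buf[80];
    return format_ordinate(buf, sizeof buf, value) ? std::string(buf) : std::string();
}

int main() {
    printf("%%.15f of -DBL_MAX needs %d chars\n", fixed_width_needed(-DBL_MAX));
    printf("bounded: %s\n", ordinate_to_string(-DBL_MAX).c_str());
    printf("bounded: %s\n", ordinate_to_string(12.5).c_str());
    return 0;
}
```

The measured width for -DBL_MAX is several times larger than an 80-byte buffer, which is why an unbounded sprintf with this format writes past the end of the array.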
